製品・ソフトウェアに関する情報

JVN脆弱性詳細

ClamAV におけるバッファオーバーフローの脆弱性

Title	ClamAV におけるバッファオーバーフローの脆弱性
Summary	ClamAV には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	リモートの Web サーバにより、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 1, 2006, midnight
Registration Date	March 11, 2014, 5:43 p.m.
Last Update	March 11, 2014, 5:43 p.m.

Affected System

ClamAV

ClamAV 0.80 から 0.88.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-1989	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989
National Vulnerability Database (NVD)
2	CVE-2006-1989	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1989

ベンダー情報

No	Name	URL
関連リンク
1	0.88.2	http://www.clamav.net/security/0.88.2.html
2	17754	http://www.securityfocus.com/bid/17754
3	19880	http://secunia.com/advisories/19880
4	kolab-vendor-notice-09.txt	http://kolab.org/security/kolab-vendor-notice-09.txt

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#599220	http://www.kb.cert.org/vuls/id/599220

Change Log

No	Changed Details	Date of change
0	[2014年03月11日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-1989

Summary	Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Summary	This vulnerability is addressed in the following product release: Clam Anti-Virus, ClamAV, 0.88.2
Publication Date	May 2, 2006, 4:06 a.m.
Registration Date	Jan. 29, 2021, 3:36 p.m.
Last Update	July 20, 2017, 10:31 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	http://kolab.org/security/kolab-vendor-notice-09.txt	CONFIRM
2	http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html	APPLE
3	http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html	SUSE
4	http://secunia.com/advisories/19874	SECUNIA
5	http://secunia.com/advisories/19880	SECUNIA	Exploit Patch Vendor Advisory
6	http://secunia.com/advisories/19912	SECUNIA
7	http://secunia.com/advisories/19963	SECUNIA
8	http://secunia.com/advisories/19964	SECUNIA
9	http://secunia.com/advisories/20117	SECUNIA
10	http://secunia.com/advisories/20159	SECUNIA
11	http://secunia.com/advisories/20877	SECUNIA
12	http://securitytracker.com/id?1016392	SECTRACK
13	http://www.clamav.net/security/0.88.2.html	CONFIRM	Exploit Vendor Advisory
14	http://www.debian.org/security/2006/dsa-1050	DEBIAN
15	http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml	GENTOO
16	http://www.kb.cert.org/vuls/id/599220	CERT-VN	US Government Resource
17	http://www.mandriva.com/security/advisories?name=MDKSA-2006:080	MANDRIVA
18	http://www.novell.com/linux/security/advisories/2006_05_05.html	SUSE
19	http://www.osvdb.org/25120	OSVDB
20	http://www.securityfocus.com/bid/17754	BID	Patch
21	http://www.trustix.org/errata/2006/0024	TRUSTIX
22	http://www.vupen.com/english/advisories/2006/1586	VUPEN
23	http://www.vupen.com/english/advisories/2006/2566	VUPEN
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/26182	XF

Common Vulnerabilities List