NVD Vulnerability Detail

CVE-2008-1835

Summary	ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
Publication Date	April 17, 2008, 1:05 a.m.
Registration Date	Jan. 29, 2021, 1:35 p.m.
Last Update	Aug. 8, 2017, 10:30 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:clam_anti-virus:clamav:0.15:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.20:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.21:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.22:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.23:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.24:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.51:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.52:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.53:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.54:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60p:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.65:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.67:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.70:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.71:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.72:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.73:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.74:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.82:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.83:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.5:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.6:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.7:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.92:::::::*
cpe:2.3:a:clam_anti-virus:clamav::::::::		0.92.1

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html	APPLE
2	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html	SUSE
3	http://secunia.com/advisories/29891	SECUNIA
4	http://secunia.com/advisories/30328	SECUNIA
5	http://secunia.com/advisories/31576	SECUNIA
6	http://secunia.com/advisories/31882	SECUNIA
7	http://security.gentoo.org/glsa/glsa-200805-19.xml	GENTOO
8	http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html	CONFIRM
9	http://www.mandriva.com/security/advisories?name=MDVSA-2008:088	MANDRIVA
10	http://www.securityfocus.com/bid/28784	BID
11	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	CERT	US Government Resource
12	http://www.vupen.com/english/advisories/2008/2584	VUPEN
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/41874	XF
14	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541	CONFIRM

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:clam_anti-virus:clamav:0.15:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.20:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.21:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.22:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.23:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.24:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.51:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.52:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.53:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.54:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60p:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.65:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.67:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.70:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.71:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.72:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.73:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.74:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.82:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.83:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.5:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.6:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.7:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.92:::::::*
cpe:2.3:a:clam_anti-virus:clamav::::::::		0.92.1