CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
References
Link Resource
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html Patch Vendor Advisory
http://secunia.com/advisories/19534 Patch Vendor Advisory
http://secunia.com/advisories/19536 Patch Vendor Advisory
http://secunia.com/advisories/19564 Patch Vendor Advisory
http://secunia.com/advisories/19567 Vendor Advisory
http://secunia.com/advisories/19570 Patch Vendor Advisory
http://secunia.com/advisories/19608 Patch Vendor Advisory
http://secunia.com/advisories/20077 Vendor Advisory
http://secunia.com/advisories/23719 Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 Patch
http://up2date.astaro.com/2006/05/low_up2date_6202.html
http://www.debian.org/security/2006/dsa-1024 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067
http://www.osvdb.org/24458
http://www.securityfocus.com/bid/17388 Patch
http://www.securityfocus.com/bid/17951
http://www.trustix.org/errata/2006/0020
http://www.us-cert.gov/cas/techalerts/TA06-132A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1258 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1779 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html Patch Vendor Advisory
http://secunia.com/advisories/19534 Patch Vendor Advisory
http://secunia.com/advisories/19536 Patch Vendor Advisory
http://secunia.com/advisories/19564 Patch Vendor Advisory
http://secunia.com/advisories/19567 Vendor Advisory
http://secunia.com/advisories/19570 Patch Vendor Advisory
http://secunia.com/advisories/19608 Patch Vendor Advisory
http://secunia.com/advisories/20077 Vendor Advisory
http://secunia.com/advisories/23719 Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 Patch
http://up2date.astaro.com/2006/05/low_up2date_6202.html
http://www.debian.org/security/2006/dsa-1024 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067
http://www.osvdb.org/24458
http://www.securityfocus.com/bid/17388 Patch
http://www.securityfocus.com/bid/17951
http://www.trustix.org/errata/2006/0020
http://www.us-cert.gov/cas/techalerts/TA06-132A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1258 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1779 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:09

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2006/May/msg00003.html - () http://lists.apple.com/archives/security-announce/2006/May/msg00003.html -
References () http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html - Patch, Vendor Advisory () http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html - Patch, Vendor Advisory
References () http://secunia.com/advisories/19534 - Patch, Vendor Advisory () http://secunia.com/advisories/19534 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19536 - Patch, Vendor Advisory () http://secunia.com/advisories/19536 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19564 - Patch, Vendor Advisory () http://secunia.com/advisories/19564 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19567 - Vendor Advisory () http://secunia.com/advisories/19567 - Vendor Advisory
References () http://secunia.com/advisories/19570 - Patch, Vendor Advisory () http://secunia.com/advisories/19570 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19608 - Patch, Vendor Advisory () http://secunia.com/advisories/19608 - Patch, Vendor Advisory
References () http://secunia.com/advisories/20077 - Vendor Advisory () http://secunia.com/advisories/20077 - Vendor Advisory
References () http://secunia.com/advisories/23719 - Vendor Advisory () http://secunia.com/advisories/23719 - Vendor Advisory
References () http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 - Patch () http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 - Patch
References () http://up2date.astaro.com/2006/05/low_up2date_6202.html - () http://up2date.astaro.com/2006/05/low_up2date_6202.html -
References () http://www.debian.org/security/2006/dsa-1024 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1024 - Patch, Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml - Patch, Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml - Patch, Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 - () http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 -
References () http://www.osvdb.org/24458 - () http://www.osvdb.org/24458 -
References () http://www.securityfocus.com/bid/17388 - Patch () http://www.securityfocus.com/bid/17388 - Patch
References () http://www.securityfocus.com/bid/17951 - () http://www.securityfocus.com/bid/17951 -
References () http://www.trustix.org/errata/2006/0020 - () http://www.trustix.org/errata/2006/0020 -
References () http://www.us-cert.gov/cas/techalerts/TA06-132A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-132A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2006/1258 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1258 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1779 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1779 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/25661 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/25661 -

Information

Published : 2006-04-06 22:04

Updated : 2024-11-21 00:09


NVD link : CVE-2006-1615

Mitre link : CVE-2006-1615

CVE.ORG link : CVE-2006-1615


JSON object : View

Products Affected

clamav

  • clamav
CWE
CWE-134

Use of Externally-Controlled Format String