ID

VAR-201606-0327


CVE

CVE-2016-1405


TITLE

Denial-of-service (DoS) vulnerability in ClamAV as used on Cisco Email Security Appliance and Web Security Appliance devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-003096

DESCRIPTION

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

The vendor has confirmed this vulnerability and released it as Bug ID CSCuv78533. A third party could cause a denial of service (AMP process restart) via a crafted document.

Multiple Cisco products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the AMP process to restart, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCuv78533 and CSCuw60503.

This issue is fixed in:

- Cisco ClamAV 0.99
- Cisco Email Security Appliance 9.7.0-125
- Cisco Web Security Appliance 9.1.1-041 and 9.0.1-135

Clam AntiVirus (ClamAV) is free and open-source antivirus software developed by the ClamAV team to detect Trojans, viruses, malware, and other malicious threats. A security vulnerability exists in libclamav in ClamAV in Cisco AMP for ESA and WSA because the program does not properly parse input files. The following products and versions are affected: Cisco AMP for ESA before 9.7.0-125, Cisco AMP for WSA before 9.0.1-135, and Cisco AMP for WSA 9.1.x before 9.1.1-041.

===========================================================================
Ubuntu Security Notice USN-3093-1
September 28, 2016

clamav vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

ClamAV could be made to crash or run programs if it processed a specially crafted file.

Software Description:

- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled certain malformed files. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  clamav 0.99.2+dfsg-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  clamav 0.99.2+addedllvm-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  clamav 0.99.2+addedllvm-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:

  http://www.ubuntu.com/usn/usn-3093-1
  CVE-2016-1371, CVE-2016-1372, CVE-2016-1405

Package Information:

  https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.12.04.1

Trust: 2.07

sources: NVD: CVE-2016-1405 // JVNDB: JVNDB-2016-003096 // BID: 90968 // VULHUB: VHN-90224 // PACKETSTORM: 138895

AFFECTED PRODUCTS

vendor: clamav, model: clamav, scope: -, version: -

Trust: 1.4

vendor: cisco, model: web security appliance, scope: eq, version: 8.8.0-085

Trust: 1.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.6.0-042

Trust: 1.3

vendor: cisco, model: web security appliance, scope: eq, version: 9.5.0-284

Trust: 1.0

vendor: cisco, model: web security appliance, scope: eq, version: 9.1.0-070

Trust: 1.0

vendor: clamav, model: clamav, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: web security the appliance, scope: lt, version: 9.1.x

Trust: 0.8

vendor: cisco, model: web security the appliance, scope: eq, version: 9.1.1-041

Trust: 0.8

vendor: ubuntu, model: linux lts, scope: eq, version: 16.04

Trust: 0.3

vendor: ubuntu, model: linux lts, scope: eq, version: 14.04

Trust: 0.3

vendor: ubuntu, model: linux lts i386, scope: eq, version: 12.04

Trust: 0.3

vendor: ubuntu, model: linux lts amd64, scope: eq, version: 12.04

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.7

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.5

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.5.1

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.5

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.4

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.3

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.2

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.1

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 9.0

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.8

Trust: 0.3

vendor: cisco, model: web security appliance 8.7.0-171-ld, scope: -, version: -

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.7

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.6

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.3-051

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.2-004

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.1-021

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.0.000

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.0-497

Trust: 0.3

vendor: cisco, model: web security appliance hot patch, scope: eq, version: 8.51

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.5

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.1.0-235

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.1

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.8-113

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.7-151

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.7-142

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.6-115

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.6-078

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.6-073

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0.6

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 8.0

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.7.0-757

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.7.0-725

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.7.0-602

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.7.0-550

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.7

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.5.1-201

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.5.0-838

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.4-101

Trust: 0.3

vendor: cisco, model: web security appliance, scope: eq, version: 7.1.3-013

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.0.2

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.0.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.6.2

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.6.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.6

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.5.2

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.5.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.5

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.3.2

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.3.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.3

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.5

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.4

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.3

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.2

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.6.0-051

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.6.0-046

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.6

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.5.0-201

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.5

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.1.1-023

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.1.0-032

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.1

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.0.0-461

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 9.0

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5.7-043

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5.7-042

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5.6-074

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5.6-073

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5.6-106

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.5

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 8.0.1-023

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.8

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.6.3-019

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 7.1.5-106

Trust: 0.3

vendor: cisco, model: email security appliance, scope: eq, version: 3.3.1-09

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.98.7

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.98.5

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.98.4

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.98

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.97.8

Trust: 0.3

vendor: cisco, model: clamav, scope: eq, version: 0.98.6

Trust: 0.3

vendor: cisco, model: web security appliance, scope: ne, version: 9.1.1-041

Trust: 0.3

vendor: cisco, model: web security appliance, scope: ne, version: 9.0.1-135

Trust: 0.3

vendor: cisco, model: email security appliance, scope: ne, version: 9.7.0-125

Trust: 0.3

vendor: cisco, model: clamav, scope: ne, version: 0.99

Trust: 0.3

sources: BID: 90968 // JVNDB: JVNDB-2016-003096 // CNNVD: CNNVD-201605-717 // NVD: CVE-2016-1405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1405
value: HIGH

Trust: 1.0

NVD: CVE-2016-1405
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-717
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90224
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1405
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90224
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1405
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90224 // JVNDB: JVNDB-2016-003096 // CNNVD: CNNVD-201605-717 // NVD: CVE-2016-1405

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90224 // JVNDB: JVNDB-2016-003096 // NVD: CVE-2016-1405

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 138895 // CNNVD: CNNVD-201605-717

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201605-717

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003096

PATCH

title: cisco-sa-20160531-wsa-esa, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa

Trust: 0.8

title: ChangeLog, url: https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog

Trust: 0.8

title: Remediation measures for the Clam AntiVirus denial-of-service vulnerability in Cisco Advanced Malware Protection for Email Security Appliance and Web Security Appliance, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62025

Trust: 0.6

sources: JVNDB: JVNDB-2016-003096 // CNNVD: CNNVD-201605-717

EXTERNAL IDS

db: NVD, id: CVE-2016-1405

Trust: 2.9

db: BID, id: 90968

Trust: 1.4

db: SECTRACK, id: 1035994

Trust: 1.1

db: SECTRACK, id: 1035993

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003096

Trust: 0.8

db: CNNVD, id: CNNVD-201605-717

Trust: 0.7

db: AUSCERT, id: ESB-2016.1376

Trust: 0.6

db: VULHUB, id: VHN-90224

Trust: 0.1

db: PACKETSTORM, id: 138895

Trust: 0.1

sources: VULHUB: VHN-90224 // BID: 90968 // JVNDB: JVNDB-2016-003096 // PACKETSTORM: 138895 // CNNVD: CNNVD-201605-717 // NVD: CVE-2016-1405

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160531-wsa-esa

Trust: 2.0

url:https://github.com/vrtadmin/clamav-devel/blob/master/changelog

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-3093-1

Trust: 1.2

url:http://www.securityfocus.com/bid/90968

Trust: 1.1

url:http://www.securitytracker.com/id/1035993

Trust: 1.1

url:http://www.securitytracker.com/id/1035994

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1405

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1405

Trust: 0.8

url:http://www.auscert.org.au/./render.html?it=35274

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1371

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.12.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1372

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1405

Trust: 0.1

sources: VULHUB: VHN-90224 // BID: 90968 // JVNDB: JVNDB-2016-003096 // PACKETSTORM: 138895 // CNNVD: CNNVD-201605-717 // NVD: CVE-2016-1405

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 90968

SOURCES

db: VULHUB, id: VHN-90224
db: BID, id: 90968
db: JVNDB, id: JVNDB-2016-003096
db: PACKETSTORM, id: 138895
db: CNNVD, id: CNNVD-201605-717
db: NVD, id: CVE-2016-1405

LAST UPDATE DATE

2024-08-14T14:52:08.387000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90224, date: 2016-11-28T00:00:00
db: BID, id: 90968, date: 2016-10-03T09:01:00
db: JVNDB, id: JVNDB-2016-003096, date: 2016-06-14T00:00:00
db: CNNVD, id: CNNVD-201605-717, date: 2016-06-12T00:00:00
db: NVD, id: CVE-2016-1405, date: 2016-11-28T19:58:55.810

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90224, date: 2016-06-08T00:00:00
db: BID, id: 90968, date: 2016-05-31T00:00:00
db: JVNDB, id: JVNDB-2016-003096, date: 2016-06-14T00:00:00
db: PACKETSTORM, id: 138895, date: 2016-09-29T04:25:18
db: CNNVD, id: CNNVD-201605-717, date: 2016-05-31T00:00:00
db: NVD, id: CVE-2016-1405, date: 2016-06-08T14:59:12.827