ID

VAR-202001-0770


CVE

CVE-2019-15961


TITLE

Clam AntiVirus software vulnerabilities related to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-014125

DESCRIPTION

A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Clam AntiVirus (ClamAV) software contains a resource exhaustion vulnerability. A denial of service (DoS) condition may result.

Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. A resource management error vulnerability exists in Clam AntiVirus versions prior to 0.102.1 and versions prior to 0.101.5.

=========================================================================
Ubuntu Security Notice USN-4230-2
January 23, 2020

clamav vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:

- clamav: Anti-virus utility for Unix

Details:

USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled certain MIME messages.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  clamav 0.102.1+dfsg-0ubuntu0.14.04.1+esm1

Ubuntu 12.04 ESM:
  clamav 0.102.1+dfsg-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:

  https://usn.ubuntu.com/4230-2
  https://usn.ubuntu.com/4230-1
  CVE-2019-15961

=========================================================================
Gentoo Linux Security Advisory GLSA 202003-46
https://security.gentoo.org/
=========================================================================

Severity: Low
Title: ClamAV: Multiple vulnerabilities
Date: March 19, 2020
Bugs: #702010, #708424
ID: 202003-46

Synopsis
========

Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav          < 0.102.2                >= 0.102.2

Description
===========

Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.102.2"

References
==========

[ 1 ] CVE-2019-15961
      https://nvd.nist.gov/vuln/detail/CVE-2019-15961
[ 2 ] CVE-2020-3123
      https://nvd.nist.gov/vuln/detail/CVE-2020-3123

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202003-46

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2019-15961 // JVNDB: JVNDB-2019-014125 // VULHUB: VHN-148060 // VULMON: CVE-2019-15961 // PACKETSTORM: 156073 // PACKETSTORM: 156831 // PACKETSTORM: 155883

AFFECTED PRODUCTS

vendor: clamav, model: clamav, scope: lte, version: 0.101.4

Trust: 1.8

vendor: clamav, model: clamav, scope: eq, version: 0.102.0

Trust: 1.8

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 12.04

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: cisco, model: email security appliance, scope: eq, version: 11.1.1-042

Trust: 1.0

vendor: cisco, model: email security appliance, scope: eq, version: 11.1.2-023

Trust: 1.0

vendor: cisco, model: e email security appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-014125 // NVD: CVE-2019-15961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15961
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15961
value: HIGH

Trust: 1.0

NVD: CVE-2019-15961
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1262
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148060
value: HIGH

Trust: 0.1

VULMON: CVE-2019-15961
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15961
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148060
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15961
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15961
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15961
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148060 // VULMON: CVE-2019-15961 // JVNDB: JVNDB-2019-014125 // CNNVD: CNNVD-201911-1262 // NVD: CVE-2019-15961 // NVD: CVE-2019-15961

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-148060 // JVNDB: JVNDB-2019-014125 // NVD: CVE-2019-15961

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 156073 // PACKETSTORM: 155883 // CNNVD: CNNVD-201911-1262

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1262

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014125

PATCH

title: Bug 12380
url: https://bugzilla.clamav.net/show_bug.cgi?id=12380

Trust: 0.8

title: Cisco Bug: CSCvr56010 - Opened to track: ClamAV for Cisco Email Security Appliance (ESA) Denial of Service Vulnerability
url: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

Trust: 0.8

title: Clam AntiVirus Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108207

Trust: 0.6

title: Ubuntu Security Notice: clamav vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4230-1

Trust: 0.1

title: Ubuntu Security Notice: clamav vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4230-2

Trust: 0.1

title: Debian CVElist Bug Report Logs: new upstream version 0.102.1 to fix CVE-2019-15961
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8d35b8b88a91d7df7c4a2aec03a4e3d1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1335
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1335

Trust: 0.1

title: -
url: https://github.com/Live-Hack-CVE/CVE-2019-15961

Trust: 0.1

sources: VULMON: CVE-2019-15961 // JVNDB: JVNDB-2019-014125 // CNNVD: CNNVD-201911-1262

EXTERNAL IDS

db: NVD, id: CVE-2019-15961

Trust: 2.9

db: PACKETSTORM, id: 155883

Trust: 0.8

db: PACKETSTORM, id: 156831

Trust: 0.8

db: PACKETSTORM, id: 156073

Trust: 0.8

db: JVNDB, id: JVNDB-2019-014125

Trust: 0.8

db: CNNVD, id: CNNVD-201911-1262

Trust: 0.7

db: AUSCERT, id: ESB-2020.0552

Trust: 0.6

db: AUSCERT, id: ESB-2020.4350

Trust: 0.6

db: AUSCERT, id: ESB-2020.4540

Trust: 0.6

db: AUSCERT, id: ESB-2020.0071.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.0071

Trust: 0.6

db: AUSCERT, id: ESB-2020.4412

Trust: 0.6

db: AUSCERT, id: ESB-2019.4568

Trust: 0.6

db: PACKETSTORM, id: 155421

Trust: 0.6

db: VULHUB, id: VHN-148060

Trust: 0.1

db: VULMON, id: CVE-2019-15961

Trust: 0.1

sources: VULHUB: VHN-148060 // VULMON: CVE-2019-15961 // JVNDB: JVNDB-2019-014125 // PACKETSTORM: 156073 // PACKETSTORM: 156831 // PACKETSTORM: 155883 // CNNVD: CNNVD-201911-1262 // NVD: CVE-2019-15961

REFERENCES

url:https://usn.ubuntu.com/4230-2/

Trust: 2.4

url:https://security.gentoo.org/glsa/202003-46

Trust: 1.9

url:https://bugzilla.clamav.net/show_bug.cgi?id=12380

Trust: 1.8

url:https://quickview.cloudapps.cisco.com/quickview/bug/cscvr56010

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-15961

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15961

Trust: 0.8

url:https://usn.ubuntu.com/4230-1/

Trust: 0.7

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193177-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193176-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914236-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/155421/clam-antivirus-toolkit-0.102.1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4350/

Trust: 0.6

url:https://packetstormsecurity.com/files/155883/ubuntu-security-notice-usn-4230-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0071/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4568/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4412/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0071.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4540/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0552/

Trust: 0.6

url:https://vigilance.fr/vulnerability/clamav-denial-of-service-via-mime-messages-parsing-30920

Trust: 0.6

url:https://packetstormsecurity.com/files/156831/gentoo-linux-security-advisory-202003-46.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156073/ubuntu-security-notice-usn-4230-2.html

Trust: 0.6

url:https://usn.ubuntu.com/4230-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110968

Trust: 0.1

url:https://usn.ubuntu.com/4230-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3123

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.16.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.18.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.10.2

Trust: 0.1

sources: VULHUB: VHN-148060 // VULMON: CVE-2019-15961 // JVNDB: JVNDB-2019-014125 // PACKETSTORM: 156073 // PACKETSTORM: 156831 // PACKETSTORM: 155883 // CNNVD: CNNVD-201911-1262 // NVD: CVE-2019-15961

CREDITS

Ubuntu,Tomasz Kojm,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201911-1262

SOURCES

db: VULHUB, id: VHN-148060
db: VULMON, id: CVE-2019-15961
db: JVNDB, id: JVNDB-2019-014125
db: PACKETSTORM, id: 156073
db: PACKETSTORM, id: 156831
db: PACKETSTORM, id: 155883
db: CNNVD, id: CNNVD-201911-1262
db: NVD, id: CVE-2019-15961

LAST UPDATE DATE

2024-11-23T21:26:27.091000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148060, date: 2020-03-19T00:00:00
db: VULMON, id: CVE-2019-15961, date: 2022-10-19T00:00:00
db: JVNDB, id: JVNDB-2019-014125, date: 2020-02-03T00:00:00
db: CNNVD, id: CNNVD-201911-1262, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2019-15961, date: 2024-11-21T04:29:49.740

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148060, date: 2020-01-15T00:00:00
db: VULMON, id: CVE-2019-15961, date: 2020-01-15T00:00:00
db: JVNDB, id: JVNDB-2019-014125, date: 2020-02-03T00:00:00
db: PACKETSTORM, id: 156073, date: 2020-01-23T19:19:09
db: PACKETSTORM, id: 156831, date: 2020-03-19T22:01:09
db: PACKETSTORM, id: 155883, date: 2020-01-08T16:53:54
db: CNNVD, id: CNNVD-201911-1262, date: 2019-11-21T00:00:00
db: NVD, id: CVE-2019-15961, date: 2020-01-15T19:15:13.317