##############################################################################
#
#  Clam Anti-Virus ClamAV Multiple Vulnerabilities
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/04/06
#
#  $Revision: 1.2 $
#
#  $Log: os2a_clamav_mult_vuln_601576.nasl,v $
#  Revision 1.2  2006/10/19 06:05:46  nrnandini
#   - Modified the regex.
#
#  Revision 1.1  2006/04/07 12:15:44  ksjayesh
#  To production
#
#  Revision 1.1  2006/04/06 12:01:55  nrnandini
#  issue #2192
#
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(!defined_func("bn_random")) exit(0);
if(description)
{
 script_id(601576);
 script_bugtraq_id(17388);
 script_cve_id("CVE-2006-1614, CVE-2006-1615, CVE-2006-1630");
 script_copyright(english:"Copyright (C) 2006 OS2A");
 script_version("$Revision: 1.2 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Gain a shell remotely");
 script_name(english:"Clam Anti-Virus ClamAV Multiple Vulnerabilities");
 script_summary(english:"Check for vulnerable version of ClamAV");
 desc["english"] = "
 Overview : This host has ClamAV installed, which is prone to multiple
 vulnerabilities.

 The flaws are due to :
 - An unspecified integer overflow error in the PE header parser in
   libclamav/pe.c. Successful exploitation requires that the
   ArchiveMaxFileSize option is disabled.
 - Some format string errors in the logging handling in shared/output.c.
 - An out-of-bounds memory access error in the cli_bitset_test() function in
   ibclamav/others.c.

 Impact : Successful exploitation allows an attacker to crash the application
 and execute arbitrary code. 

 Scope of impact is restricted to system level.

 Affected Software : ClamAV version 0.88 and prior.
		     
 Affected Platform : Any Linux system running the affected software.

 Solution : Upgrade to ClamAV version 0.88.1
 http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=407078

 References : http://sourceforge.net/project/shownotes.php?release_id=407078

 CVSS Score :
	 CVSS Base Score     : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
	 CVSS Temporal Score : 5.2
 Risk factor : High";
 script_description(english:desc["english"]);
 script_dependencies("ssh_get_info.nasl", "os2a_clamav_version_600237.nasl");
 script_require_keys("Host/uname", "ClamAntiVirus/Version");
 exit(0);
}


 if("Linux" >!< get_kb_item("Host/uname")){
 	exit(0);
 }
 
 clamavVer = get_kb_item("ClamAntiVirus/Version");
 if(ereg(pattern:"^clamav-0\.([5-7].*|8([0-7]|8([^.]|$)))",
	 string:clamavVer)){
 	security_hole(0);
 }