CVE-2006-1630
published 2006-04-06CVE-2006-1630: The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified…
PriorityP421medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
5.20%
91.4th percentile
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gf96-35v4-6xgh: The cli_bitset_set function in libclamav/others
ghsa_unreviewed·2022-05-01
CVE-2006-1630 [MEDIUM] GHSA-gf96-35v4-6xgh: The cli_bitset_set function in libclamav/others
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
OSV
CVE-2006-1630: The cli_bitset_set function in libclamav/others
osv·2006-04-06·CVSS 5.0
CVE-2006-1630 [MEDIUM] CVE-2006-1630: The cli_bitset_set function in libclamav/others
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
Debian
CVE-2006-1630: clamav - The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) bef...
vendor_debian·2006·CVSS 5.0
CVE-2006-1630 [MEDIUM] CVE-2006-1630: clamav - The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) bef...
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
Scope: local
bookworm: resolved (fixed in 0.88.1-1)
bullseye: resolved (fixed in 0.88.1-1)
forky: resolved (fixed in 0.88.1-1)
sid: resolved (fixed in 0.88.1-1)
trixie: resolved (fixed in 0.88.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-1630 kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission
bugzilla·2009-05-12·CVSS 4.4
CVE-2009-1630 [MEDIUM] CVE-2009-1630 kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission
CVE-2009-1630 kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission
Description of problem:
Frank Filz reported: the problem is that permission checking is skipped if atomic open is possible, but when exec opens a file, it just opens it O_READONLY which means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Reference:
http://article.gmane.org/gmane.linux.nfs/26592
Discussion:
This looks like the same problem that was reported in November 2006:
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://bugzilla.linux-nfs.org/show_bug.
Bugzilla
Security Vulnerability: CVE-2006-1630
bugzilla·2006-04-13·CVSS 5.0
CVE-2006-1630 [MEDIUM] Security Vulnerability: CVE-2006-1630
Security Vulnerability: CVE-2006-1630
See:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630
Note that 0.88.1 fixes this.
Discussion:
*** This bug has been marked as a duplicate of 188881 ***
---
Reopening, not a duplicate, note the different CVE number, 0.88.1 closes 3
seperate security holes!
I have entered 3 bugzilla bugs for this so people can search for CVE and find
the appropiate bug for all 3 CVE's . This is sorta kinda security SIG policy and
will hopefully become more definite security SIG policy soon.
http://lists.apple.com/archives/security-announce/2006/May/msg00003.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.htmlhttp://secunia.com/advisories/19534http://secunia.com/advisories/19536http://secunia.com/advisories/19564http://secunia.com/advisories/19567http://secunia.com/advisories/19570http://secunia.com/advisories/19608http://secunia.com/advisories/20077http://secunia.com/advisories/23719http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638http://up2date.astaro.com/2006/05/low_up2date_6202.htmlhttp://www.debian.org/security/2006/dsa-1024http://www.gentoo.org/security/en/glsa/glsa-200604-06.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:067http://www.osvdb.org/24459http://www.securityfocus.com/bid/17388http://www.securityfocus.com/bid/17951http://www.trustix.org/errata/2006/0020http://www.us-cert.gov/cas/techalerts/TA06-132A.htmlhttp://www.vupen.com/english/advisories/2006/1258http://www.vupen.com/english/advisories/2006/1779https://exchange.xforce.ibmcloud.com/vulnerabilities/25662http://lists.apple.com/archives/security-announce/2006/May/msg00003.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.htmlhttp://secunia.com/advisories/19534http://secunia.com/advisories/19536http://secunia.com/advisories/19564http://secunia.com/advisories/19567http://secunia.com/advisories/19570http://secunia.com/advisories/19608http://secunia.com/advisories/20077http://secunia.com/advisories/23719http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638http://up2date.astaro.com/2006/05/low_up2date_6202.htmlhttp://www.debian.org/security/2006/dsa-1024http://www.gentoo.org/security/en/glsa/glsa-200604-06.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:067http://www.osvdb.org/24459http://www.securityfocus.com/bid/17388http://www.securityfocus.com/bid/17951http://www.trustix.org/errata/2006/0020http://www.us-cert.gov/cas/techalerts/TA06-132A.htmlhttp://www.vupen.com/english/advisories/2006/1258http://www.vupen.com/english/advisories/2006/1779https://exchange.xforce.ibmcloud.com/vulnerabilities/25662
2006-04-06
Published