CVE-2007-0898
published 2007-02-16CVE-2007-0898: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the…
PriorityP431medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EPSS
3.76%
88.5th percentile
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | <= 0.88.6 | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM
vendor_debian6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9298-v2wf-r563: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0
ghsa_unreviewed·2022-05-01
CVE-2007-0898 [MEDIUM] CWE-22 GHSA-9298-v2wf-r563: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
OSV
CVE-2007-0898: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0
osv·2007-02-16·CVSS 6.4
CVE-2007-0898 [MEDIUM] CVE-2007-0898: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
Debian
CVE-2007-0898: clamav - Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 ...
vendor_debian·2007·CVSS 6.4
CVE-2007-0898 [MEDIUM] CVE-2007-0898: clamav - Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 ...
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
Scope: local
bookworm: resolved (fixed in 0.90-1)
bullseye: resolved (fixed in 0.90-1)
forky: resolved (fixed in 0.90-1)
sid: resolved (fixed in 0.90-1)
trixie: resolved (fixed in 0.90-1)
No detection rules found.
No public exploits indexed.
Bugzilla
0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
bugzilla·2007-02-19·CVSS 7.5
CVE-2007-0897 [HIGH] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
+++ This bug was initially created as a clone of Bug #229202 +++
According to Secunia:
"Two vulnerabilities have been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).
1) Input passed via the "id" parameter when parsing MIME headers is not properly
sanitised before being used to create local files. This can be exploited to e.g.
overwrite the anti-virus signature file via directory traversal attacks,
preventing malware from being detected.
2) An file descriptor leak error in the processing of CAB files can be exploited
to e.g. prevent legitimate users from sending out valid archives via a specially
crafted CAB file with a cabinet hea
Bugzilla
0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
bugzilla·2007-02-19·CVSS 7.5
CVE-2007-0897 [HIGH] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service
According to Secunia:
"Two vulnerabilities have been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).
1) Input passed via the "id" parameter when parsing MIME headers is not properly
sanitised before being used to create local files. This can be exploited to e.g.
overwrite the anti-virus signature file via directory traversal attacks,
preventing malware from being detected.
2) An file descriptor leak error in the processing of CAB files can be exploited
to e.g. prevent legitimate users from sending out valid archives via a specially
crafted CAB file with a cabinet header containing a record length of zero."
Please update the FC-6 p
http://docs.info.apple.com/article.html?artnum=307562http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.htmlhttp://osvdb.org/32282http://secunia.com/advisories/24183http://secunia.com/advisories/24187http://secunia.com/advisories/24192http://secunia.com/advisories/24319http://secunia.com/advisories/24332http://secunia.com/advisories/24425http://secunia.com/advisories/29420http://security.gentoo.org/glsa/glsa-200703-03.xmlhttp://www.debian.org/security/2007/dsa-1263http://www.mandriva.com/security/advisories?name=MDKSA-2007:043http://www.securityfocus.com/bid/22581http://www.securitytracker.com/id?1017660http://www.vupen.com/english/advisories/2007/0623http://www.vupen.com/english/advisories/2008/0924/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/32535http://docs.info.apple.com/article.html?artnum=307562http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.htmlhttp://osvdb.org/32282http://secunia.com/advisories/24183http://secunia.com/advisories/24187http://secunia.com/advisories/24192http://secunia.com/advisories/24319http://secunia.com/advisories/24332http://secunia.com/advisories/24425http://secunia.com/advisories/29420http://security.gentoo.org/glsa/glsa-200703-03.xmlhttp://www.debian.org/security/2007/dsa-1263http://www.mandriva.com/security/advisories?name=MDKSA-2007:043http://www.securityfocus.com/bid/22581http://www.securitytracker.com/id?1017660http://www.vupen.com/english/advisories/2007/0623http://www.vupen.com/english/advisories/2008/0924/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/32535
2007-02-16
Published