CVE-2012-1419
published 2012-03-21CVE-2012-1419: The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an…
PriorityP432medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
41.37%
98.5th percentile
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cat | quick_heal | — | — |
| clamav | clamav | — | — |
| clamav | clamav | >= 0 < 0.97.5+dfsg-1 | 0.97.5+dfsg-1 |
| clamav | clamav | >= 0 < 0.97.5+dfsg-1 | 0.97.5+dfsg-1 |
| clamav | clamav | >= 0 < 0.97.5+dfsg-1 | 0.97.5+dfsg-1 |
| clamav | clamav | >= 0 < 0.97.5+dfsg-1 | 0.97.5+dfsg-1 |
| debian | clamav | < clamav 0.97.5+dfsg-1 (bookworm) | clamav 0.97.5+dfsg-1 (bookworm) |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2012-1419: clamav - The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 al...
vendor_debian·2012·CVSS 4.3
CVE-2012-1419 [MEDIUM] CVE-2012-1419: clamav - The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 al...
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Scope: local
bookworm: resolved (fixed in 0.97.5+dfsg-1)
bullseye: resolved (fixed in 0.97.5+dfsg-1)
forky: resolved (fixed in 0.97.5+dfsg-1)
sid: resolved (fixed in 0.97.5+dfsg-1)
trixie: resolved (fixed in 0.97.5+dfsg-1)
GHSA
GHSA-f477-w5xf-pqg9: The TAR file parser in ClamAV 0
ghsa_unreviewed·2022-05-17
CVE-2012-1419 [MEDIUM] GHSA-f477-w5xf-pqg9: The TAR file parser in ClamAV 0
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
OSV
CVE-2012-1419: The TAR file parser in ClamAV 0
osv·2012-03-21·CVSS 4.3
CVE-2012-1419 [MEDIUM] CVE-2012-1419: The TAR file parser in ClamAV 0
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1989 puppet: Insecure temporary file use for NET::Telnet connection log (/tmp/out.log)
bugzilla·2012-07-03·CVSS 3.6
CVE-2012-1989 [LOW] CVE-2012-1989 puppet: Insecure temporary file use for NET::Telnet connection log (/tmp/out.log)
CVE-2012-1989 puppet: Insecure temporary file use for NET::Telnet connection log (/tmp/out.log)
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1989 to the following vulnerability:
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
References:
[1] http://projects.puppetlabs.com/issues/13606
[2] http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
[3] http://puppetlabs.com/security/cve/cve-2012-1989/
[4] http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
[5] http://ubuntu.com/usn/usn-1419-1
[6] http://www.securityfocus.com/bid/52975
[7] http://secunia.com/advisories/487
Bugzilla
CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection
bugzilla·2012-03-22·CVSS 4.3
CVE-2012-1419 [MEDIUM] CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection
CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1419 to
the following vulnerability:
Name: CVE-2012-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1419
Assigned: 20120229
Reference: BUGTRAQ:20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
Reference: http://www.securityfocus.com/archive/1/522005
Reference: http://www.ieee-security.org/TC/SP2012/program.html
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat
QuickHeal) 11.00 allows remote attackers to bypass malware detection
via a POSIX TAR file with an initial [aliases] character sequence.
NOTE: this may later be SPLIT into multiple CVEs if additional
information is published show
Bugzilla
CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [epel-all]
bugzilla·2012-03-22·CVSS 4.3
CVE-2012-1419 [MEDIUM] CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [epel-all]
CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/u
Bugzilla
CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [fedora-all]
bugzilla·2012-03-22·CVSS 4.3
CVE-2012-1419 [MEDIUM] CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [fedora-all]
CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org
http://osvdb.org/80409http://www.ieee-security.org/TC/SP2012/program.htmlhttp://www.securityfocus.com/archive/1/522005http://www.securityfocus.com/bid/52572http://osvdb.org/80409http://www.ieee-security.org/TC/SP2012/program.htmlhttp://www.securityfocus.com/archive/1/522005http://www.securityfocus.com/bid/52572
2012-03-21
Published