Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

Published

2006-04-06T22:04:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-134

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	clamav	clamav	≤ 0.88	Yes
Application	clamav	clamav	0.01	Yes
Application	clamav	clamav	0.02	Yes
Application	clamav	clamav	0.3	Yes
Application	clamav	clamav	0.03	Yes
Application	clamav	clamav	0.05	Yes
Application	clamav	clamav	0.8	Yes
Application	clamav	clamav	0.10	Yes
Application	clamav	clamav	0.12	Yes
Application	clamav	clamav	0.13	Yes
Application	clamav	clamav	0.14	Yes
Application	clamav	clamav	0.14	Yes
Application	clamav	clamav	0.15	Yes
Application	clamav	clamav	0.20	Yes
Application	clamav	clamav	0.21	Yes
Application	clamav	clamav	0.22	Yes
Application	clamav	clamav	0.23	Yes
Application	clamav	clamav	0.24	Yes
Application	clamav	clamav	0.51	Yes
Application	clamav	clamav	0.52	Yes
Application	clamav	clamav	0.53	Yes
Application	clamav	clamav	0.54	Yes
Application	clamav	clamav	0.60	Yes
Application	clamav	clamav	0.60p	Yes
Application	clamav	clamav	0.65	Yes
Application	clamav	clamav	0.66	Yes
Application	clamav	clamav	0.67	Yes
Application	clamav	clamav	0.67-1	Yes
Application	clamav	clamav	0.68	Yes
Application	clamav	clamav	0.68.1	Yes
Application	clamav	clamav	0.70	Yes
Application	clamav	clamav	0.70	Yes
Application	clamav	clamav	0.71	Yes
Application	clamav	clamav	0.72	Yes
Application	clamav	clamav	0.73	Yes
Application	clamav	clamav	0.74	Yes
Application	clamav	clamav	0.75	Yes
Application	clamav	clamav	0.75.1	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.80	Yes
Application	clamav	clamav	0.81	Yes
Application	clamav	clamav	0.81	Yes
Application	clamav	clamav	0.82	Yes
Application	clamav	clamav	0.83	Yes
Application	clamav	clamav	0.84	Yes
Application	clamav	clamav	0.84	Yes
Application	clamav	clamav	0.84	Yes
Application	clamav	clamav	0.85	Yes
Application	clamav	clamav	0.85.1	Yes
Application	clamav	clamav	0.86	Yes
Application	clamav	clamav	0.86	Yes
Application	clamav	clamav	0.86.1	Yes
Application	clamav	clamav	0.86.2	Yes
Application	clamav	clamav	0.87	Yes
Application	clamav	clamav	0.87.1	Yes

References

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html ([email protected])
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19534 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19536 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19564 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19567 Vendor Advisory ([email protected])
http://secunia.com/advisories/19570 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19608 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20077 Vendor Advisory ([email protected])
http://secunia.com/advisories/23719 Vendor Advisory ([email protected])
http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 Patch ([email protected])
http://up2date.astaro.com/2006/05/low_up2date_6202.html ([email protected])
http://www.debian.org/security/2006/dsa-1024 Patch, Vendor Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml Patch, Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 ([email protected])
http://www.osvdb.org/24458 ([email protected])
http://www.securityfocus.com/bid/17388 Patch ([email protected])
http://www.securityfocus.com/bid/17951 ([email protected])
http://www.trustix.org/errata/2006/0020 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-132A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2006/1258 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/1779 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661 ([email protected])
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19534 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19536 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19564 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19567 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19570 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19608 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20077 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23719 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://up2date.astaro.com/2006/05/low_up2date_6202.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1024 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/24458 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/17388 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/17951 (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2006/0020 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-132A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1258 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1779 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661 (af854a3a-2127-422b-91ae-364da2661108)