Hendrik Weimer

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.

**Name of the Vulnerable Software and Affected Versions** BitDefender Mail Protection for SMB version 2.0 **Description** The issue allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file. This can be demonstrated using the EICAR test file. **Recommendations** For version 2.0, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict the processing of multipart/mixed MIME files with invalid base64 encoded content to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus (ClamAV) version 0.88.6 **Description** The issue allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file. This can be demonstrated using the EICAR test file. **Recommendations** For Clam AntiVirus (ClamAV) version 0.88.6, update to a newer version that includes a fix for this issue to prevent attackers from bypassing virus detection.

**Name of the Vulnerable Software and Affected Versions** F-Prot Antivirus for Linux x86 Mail Servers version 4.6.6 **Description** The issue allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file. This can be demonstrated using the EICAR test file, which is a standard test file used to check the functionality of antivirus software. **Recommendations** For F-Prot Antivirus for Linux x86 Mail Servers version 4.6.6, consider updating the antivirus software to a version that includes a fix for this issue, or as a temporary workaround, restrict the processing of multipart/mixed MIME files with base64 encoded content to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaspersky Anti-Virus for Linux Mail Servers version 5.5.10 **Description** The issue allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file. This can be demonstrated using the EICAR test file, which is a standard test file used to check the functionality of antivirus software. **Recommendations** For Kaspersky Anti-Virus for Linux Mail Servers version 5.5.10, consider updating the software to a version that includes a fix for this issue, or apply any available patches to prevent the bypass of virus detection. As a temporary workaround, consider enhancing the validation of base64 encoded content in multipart/mixed MIME files to detect and prevent the insertion of invalid characters.

**Name of the Vulnerable Software and Affected Versions** F-Secure Anti-Virus for Linux Gateways version 4.65 **Description** The issue allows remote attackers to cause a denial of service, possibly resulting in a fatal scan error, and may also enable them to bypass virus detection. This can be achieved by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file. An example of this exploit is demonstrated using the EICAR test file. **Recommendations** For F-Secure Anti-Virus for Linux Gateways version 4.65, consider updating to a newer version that addresses this issue, as the current version may allow attackers to bypass virus detection and cause a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Usermin versions prior to 1.220 (20060629) **Description** The issue allows remote attackers to read arbitrary files. This is possibly related to the `chfn/save.cgi` script not properly handling an empty `shell` parameter, which can result in changing the root's shell instead of the shell of a specified user. **Recommendations** For versions prior to 1.220 (20060629), update to version 1.220 (20060629) or later to resolve the issue. As a temporary workaround, consider restricting access to the `chfn/save.cgi` script until the update is applied.

Name of the Vulnerable Software and Affected Versions: AWStats version 6.5 AWStats (affected versions not specified) Description: The issue allows remote authenticated users to execute arbitrary code by using the `configdir` parameter to `awstats.pl` to upload a configuration file whose name contains shell metacharacters, then access that file using the `LogFile` directive. Multiple vulnerabilities in the AWStats package may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For AWStats version 6.5, consider restricting access to the `configdir` parameter and the `LogFile` directive to prevent arbitrary code execution. For other affected versions of AWStats, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 through 6.5 AWStats (affected versions not specified) in openSUSE Description: The issue allows remote attackers to execute arbitrary code via shell metacharacters in the `migrate` parameter when statistics updates are enabled. Multiple vulnerabilities in the AWStats package may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For AWStats versions 6.4 through 6.5, consider disabling the statistics updates feature until a patch is available. For AWStats in openSUSE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AWStats versions 6.5 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `config` parameter. **Recommendations** For AWStats versions 6.5 and earlier, update to a version later than 6.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.0 through 2.0.5 Description: The issue allows remote malicious servers to execute arbitrary code on the client. This is achieved by using the `setenv` function with the `LD PRELOAD` environment variable, which can lead to code execution. Recommendations: For OpenVPN versions 2.0 through 2.0.5, consider updating to a version where this issue is fixed, as using `setenv` with `LD PRELOAD` can pose a significant risk. As a temporary workaround, consider restricting the use of the `LD PRELOAD` environment variable in the client configuration to minimize the risk of exploitation.