CVE-2007-6745

9.8 CRITICAL

📋 TL;DR

CVE-2007-6745 is a floating point exception vulnerability in ClamAV 0.91.2's ScanOLE2 component that can cause denial of service. When exploited, it crashes the ClamAV service, disrupting antivirus scanning capabilities. This affects systems running vulnerable versions of ClamAV, particularly email gateways and file scanning services.

💻 Affected Systems

Products:
  • ClamAV
Versions: 0.91.2 specifically
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the vulnerable ScanOLE2 component for parsing OLE2 files (Microsoft Office documents).


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of antivirus scanning service, potentially allowing malware to bypass detection while the service is down.

🟠 Likely Case

Service crash requiring manual restart, temporarily disabling malware scanning capabilities.

🟢 If Mitigated

Minimal impact with proper monitoring and automated restart mechanisms in place.

🌐 Internet-Facing: HIGH - ClamAV is often deployed on internet-facing email gateways and web servers that process untrusted files.
🏢 Internal Only: MEDIUM - Internal file servers and scanning services could be affected by malicious internal files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted OLE2 file to trigger the floating point exception. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.91.3 and later

Vendor Advisory: https://access.redhat.com/security/cve/cve-2007-6745

Restart Required: Yes

Instructions:

1. Update ClamAV to version 0.91.3 or later.
2. For Linux: Use package manager (apt-get update && apt-get upgrade clamav).
3. For Windows: Download latest installer from clamav.net.
4. Restart ClamAV service.

🔧 Temporary Workarounds

Disable OLE2 scanning

linux

Temporarily disable ScanOLE2 component to prevent exploitation

Edit clamd.conf: ScanOLE2 no
Restart clamd: systemctl restart clamav-daemon

Implement file type filtering

all

Block or quarantine OLE2 files before they reach ClamAV

🧯 If You Can't Patch

  • Implement network segmentation to isolate ClamAV servers from untrusted networks
  • Deploy monitoring and automated restart scripts for ClamAV service

🔍 How to Verify

Check if Vulnerable:

Check ClamAV version: clamscan --version | grep 'ClamAV'

Check Version:

clamscan --version

Verify Fix Applied:

Verify version is 0.91.3 or later: clamscan --version
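
The version and workaround checks above can be combined into one scriptable test. The following is an added example, not part of the original advisory or the ClamAV project; the function names and state labels are hypothetical, and the clamd.conf path in the closing comment is an assumed example location.

```shell
#!/bin/sh
# Added example: classify a host for CVE-2007-6745 from the clamscan banner.
FIXED_VERSION="0.91.3"      # fixed release, per the advisory text
AFFECTED_VERSION="0.91.2"   # affected release, per the advisory text

# "ClamAV 0.91.2/4567/Mon Oct  1 2007" -> "0.91.2"
clamav_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds when dotted version $1 >= $2, comparing fields numerically
# (so 0.100.0 sorts after 0.91.3, which a string compare gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeeds only if clamd.conf ($1) has an active ScanOLE2 line and every
# active one is the literal "no" from the workaround; comments are ignored.
ole2_scan_disabled() {
    [ -r "$1" ] || return 1
    awk '$1 == "ScanOLE2" { seen = 1; if ($2 != "no") bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# $1 = banner text, $2 = optional clamd.conf path. Prints one state:
# unknown | patched | older-unlisted | affected-ole2-off | affected
assess_cve_2007_6745() {
    ver=$(clamav_version_from_banner "$1")
    if [ -z "$ver" ]; then echo unknown
    elif version_ge "$ver" "$FIXED_VERSION"; then echo patched
    elif [ "$ver" != "$AFFECTED_VERSION" ]; then echo older-unlisted
    elif [ -n "${2:-}" ] && ole2_scan_disabled "$2"; then echo affected-ole2-off
    else echo affected
    fi
}

# Typical call on a live host (example path, varies by distribution):
#   assess_cve_2007_6745 "$(clamscan --version)" /etc/clamav/clamd.conf
```

The `older-unlisted` state covers releases below 0.91.2, which this advisory does not list as affected or fixed.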

📡 Detection & Monitoring

Log Indicators:

  • ClamAV crash logs
  • Service restart messages in system logs
  • Floating point exception errors

Network Indicators:

  • Sudden stop in ClamAV scanning traffic
  • Increased file processing failures

SIEM Query:

source="clamav" AND ("crash" OR "exception" OR "restart")
