Conectiva Local Security Checks : Conectiva Security Advisory CLA-2005:973 (clamav)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 61204 CVE Beschreibungen und 32582 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.55066

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2005:973 (clamav)

Zusammenfassung: Conectiva Security Advisory CLA-2005:973 (clamav)

Beschreibung:
The remote host is missing updates announced in
advisory CLA-2005:973.

The installed version of clamav is not compatible with
the online update database format, and is vulnerable to
the following vulnerabilities:

1. CVE-2005-1922
A remote attacker could cause a denial of service situation by
a specially crafted file that causes repeated errors in the
cli_msexpand() function.

2. CVE-2005-1923
A remote attacker could also trigger a denial of service
situation via a cabinet (CAB) file with the cffile_FolderOffset
field set to 0xff, which causes a zero-length read.

3. CVE-2005-2056
The Quantum archive decompressor in Clam AntiVirus (ClamAV)
before 0.86.1 allows remote attackers to cause a denial of
service (application crash) via a specially crafted Quantum archive.

4. CVE-2005-2070
The ClamAV Mail FILTER (clamav-milter) 0.84 through 0.85d,
when used in Sendmail using long timeouts, allows remote attackers
to cause a denial of service by keeping an open connection,
which prevents ClamAV from reloading.

Solution:
Upgrade your software.

http://www.clamav.net
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000973

Risk factor : Medium

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-1922
http://www.idefense.com/application/poi/display?id=276&type=vulnerabilities&flashstatus=true
Debian Security Information: DSA-737 (Google Search)
http://www.debian.org/security/2005/dsa-737
Common Vulnerability Exposure (CVE) ID: CVE-2005-1923
http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities
Common Vulnerability Exposure (CVE) ID: CVE-2005-2056
http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml
SuSE Security Announcement: SUSE-SA:2005:038 (Google Search)
http://www.novell.com/linux/security/advisories/2005_38_clamav.html
BugTraq ID: 14058
http://www.securityfocus.com/bid/14058
http://secunia.com/advisories/15811
Common Vulnerability Exposure (CVE) ID: CVE-2005-2070
Bugtraq: 20050623 long sendmail timeouts let attacker prevent milter quiesce (Google Search)
http://seclists.org/lists/bugtraq/2005/Jun/0197.html
BugTraq ID: 14047
http://www.securityfocus.com/bid/14047

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.55066
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2005:973 (clamav)
Zusammenfassung:	Conectiva Security Advisory CLA-2005:973 (clamav)
Beschreibung:	The remote host is missing updates announced in advisory CLA-2005:973. The installed version of clamav is not compatible with the online update database format, and is vulnerable to the following vulnerabilities: 1. CVE-2005-1922 A remote attacker could cause a denial of service situation by a specially crafted file that causes repeated errors in the cli_msexpand() function. 2. CVE-2005-1923 A remote attacker could also trigger a denial of service situation via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. 3. CVE-2005-2056 The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a specially crafted Quantum archive. 4. CVE-2005-2070 The ClamAV Mail FILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. Solution: Upgrade your software. http://www.clamav.net http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000973 Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1922 http://www.idefense.com/application/poi/display?id=276&type=vulnerabilities&flashstatus=true Debian Security Information: DSA-737 (Google Search) http://www.debian.org/security/2005/dsa-737 Common Vulnerability Exposure (CVE) ID: CVE-2005-1923 http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities Common Vulnerability Exposure (CVE) ID: CVE-2005-2056 http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml SuSE Security Announcement: SUSE-SA:2005:038 (Google Search) http://www.novell.com/linux/security/advisories/2005_38_clamav.html BugTraq ID: 14058 http://www.securityfocus.com/bid/14058 http://secunia.com/advisories/15811 Common Vulnerability Exposure (CVE) ID: CVE-2005-2070 Bugtraq: 20050623 long sendmail timeouts let attacker prevent milter quiesce (Google Search) http://seclists.org/lists/bugtraq/2005/Jun/0197.html BugTraq ID: 14047 http://www.securityfocus.com/bid/14047
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com