Test Kennung:	1.3.6.1.4.1.25623.1.0.60235
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2008:003 (clamav)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to clamav announced via advisory MDVSA-2008:003. An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered (CVE-2007-6337). Other bugs have also been corrected in 0.92 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:003 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6335 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 26927 http://www.securityfocus.com/bid/26927 Debian Security Information: DSA-1435 (Google Search) http://www.debian.org/security/2007/dsa-1435 https://www.exploit-db.com/exploits/4862 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html http://security.gentoo.org/glsa/glsa-200712-20.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634 http://www.mandriva.com/security/advisories?name=MDVSA-2008:003 http://www.securitytracker.com/id?1019112 http://secunia.com/advisories/28117 http://secunia.com/advisories/28153 http://secunia.com/advisories/28176 http://secunia.com/advisories/28278 http://secunia.com/advisories/28412 http://secunia.com/advisories/28421 http://secunia.com/advisories/28587 http://secunia.com/advisories/29420 SuSE Security Announcement: SUSE-SR:2008:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://www.vupen.com/english/advisories/2007/4253 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: clamantivirus-libclamav-mewpe-bo(39119) https://exchange.xforce.ibmcloud.com/vulnerabilities/39119 Common Vulnerability Exposure (CVE) ID: CVE-2007-6336 BugTraq ID: 26946 http://www.securityfocus.com/bid/26946 http://securitytracker.com/id?1019150 XForce ISS Database: clamantivirus-mszip-bo(39169) https://exchange.xforce.ibmcloud.com/vulnerabilities/39169 Common Vulnerability Exposure (CVE) ID: CVE-2007-6337 BugTraq ID: 27063 http://www.securityfocus.com/bid/27063 http://osvdb.org/42293 http://securitytracker.com/id?1019149
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.