 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.71451 |
| Kategorie: | Mandrake Local Security Checks |
| Titel: | Mandriva Security Advisory MDVSA-2012:094 (clamav) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing an update to clamav announced via advisory MDVSA-2012:094. This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues: The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations (CVE-2012-1457). The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations (CVE-2012-1458). The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations (CVE-2012-1459). Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:094 http://git.clamav.net/gitweb?p=clamav-devel.git a=blob_plain f=ChangeLog hb=clamav-0.97.5 Risk factor : High |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1457 BugTraq ID: 52610 http://www.securityfocus.com/bid/52610 Bugtraq: 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Google Search) http://www.securityfocus.com/archive/1/522005 http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 http://www.ieee-security.org/TC/SP2012/program.html http://osvdb.org/80389 http://osvdb.org/80391 http://osvdb.org/80392 http://osvdb.org/80393 http://osvdb.org/80395 http://osvdb.org/80396 http://osvdb.org/80403 http://osvdb.org/80406 http://osvdb.org/80407 http://osvdb.org/80409 SuSE Security Announcement: openSUSE-SU-2012:0833 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html XForce ISS Database: multiple-av-tar-length-evasion(74293) https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 Common Vulnerability Exposure (CVE) ID: CVE-2012-1458 BugTraq ID: 52611 http://www.securityfocus.com/bid/52611 http://osvdb.org/80473 http://osvdb.org/80474 XForce ISS Database: multiple-av-chm-header-evasion(74301) https://exchange.xforce.ibmcloud.com/vulnerabilities/74301 Common Vulnerability Exposure (CVE) ID: CVE-2012-1459 BugTraq ID: 52623 http://www.securityfocus.com/bid/52623 http://osvdb.org/80390 XForce ISS Database: multiple-av-tar-header-evasion(74302) https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |