ID de Prueba:	1.3.6.1.4.1.25623.1.0.56161
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:1044
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:1044. A new version of Clamav has been released[2] to address the following vulnerabilities: CVE-2005-3239 The OLE2 unpacker in clamd allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree. CVE-2005-3303 The FSG unpacker allows remote attackers to cause denial of service (memory corruption) and execute arbitrary code via a specially crafted FSG 1.33 file. CVE-2005-3500 The tnef_attachment() function allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a specially crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. CVE-2005-3501 Another vulnerability related to CAB files also allows remote attackers to cause a denial of service (infinite loop). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001044 http://www.clamav.net/ http://sourceforge.net/project/shownotes.php?release_id=356974 Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3239 BugTraq ID: 15101 http://www.securityfocus.com/bid/15101 Debian Security Information: DSA-887 (Google Search) http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 http://www.osvdb.org/20536 http://securitytracker.com/id?1015154 http://secunia.com/advisories/17184 http://secunia.com/advisories/17448 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 http://secunia.com/advisories/17559 SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2005-3303 BugTraq ID: 15318 http://www.securityfocus.com/bid/15318 Bugtraq: 20051104 ZDI-05-002: Clam Antivirus Remote Code Execution (Google Search) http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html http://www.zerodayinitiative.com/advisories/ZDI-05-002.html http://www.osvdb.org/20482 http://secunia.com/advisories/17434 http://securityreason.com/securityalert/146 http://www.vupen.com/english/advisories/2005/2294 Common Vulnerability Exposure (CVE) ID: CVE-2005-3500 BugTraq ID: 15316 http://www.securityfocus.com/bid/15316 http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities http://www.osvdb.org/20483 http://securityreason.com/securityalert/152 Common Vulnerability Exposure (CVE) ID: CVE-2005-3501 BugTraq ID: 15317 http://www.securityfocus.com/bid/15317 http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities http://www.osvdb.org/20484 http://securityreason.com/securityalert/150
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.