|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 947-2 (clamav)|
|Summary:||Debian Security Advisory DSA 947-2 (clamav)|
|Description:||The remote host is missing an update to clamav|
announced via advisory DSA 947-2.
A heap overflow has been discovered in ClamAV, a virus scanner, which
could allow an attacker to execute arbitrary code by sending a carefully
crafted UPX-encoded executable to a system runnig ClamAV. In addition,
other potential overflows have been corrected.
Packages for the ARM architecture were not available when DSA 947-1 was
these packages are now available. Also, DSA 947-1 incorrectly
identified the package version which corrected these issues in the
unstable distribution (sid).
The old stable distribution (woody) does not include ClamAV.
For the stable distribution (sarge) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your clamav package immediately.
BugTraq ID: 16191|
Common Vulnerability Exposure (CVE) ID: CVE-2006-0162
Debian Security Information: DSA-947 (Google Search)
CERT/CC vulnerability note: VU#385908
XForce ISS Database: clamav-libclamav-upx-bo(24047)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.