
Test ID: 1.3.6.1.4.1.25623.1.0.55827
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:205 (clamav)
Summary: NOSUMMARY
Description:

The remote host is missing an update to clamav
announced via advisory MDKSA-2005:205.

A number of vulnerabilities were discovered in ClamAV versions prior
to 0.87.1:

The OLE2 unpacker in clamd allows remote attackers to cause a DoS
(segfault) via a DOC file with an invalid property tree (CVE-2005-3239)

The FSG unpacker allows remote attackers to cause memory corruption
and execute arbitrary code via a crafted FSG 1.33 file (CVE-2005-3303)

The tnef_attachment() function allows remote attackers to cause a DoS
(infinite loop and memory exhaustion) via a crafted value in a CAB file
that causes ClamAV to repeatedly scan the same block (CVE-2005-3500)

Remote attackers could cause a DoS (infinite loop) via a crafted CAB
file (CVE-2005-3501)

This update provides ClamAV 0.87.1 which corrects all of these issues.

Affected: 10.1, 10.2, 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:205

Risk factor : High

CVSS Score: 7.8

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-3239
BugTraq ID: 15101
http://www.securityfocus.com/bid/15101
Debian Security Information: DSA-887
http://www.debian.org/security/2005/dsa-887
http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:205
http://www.osvdb.org/20536
http://securitytracker.com/id?1015154
http://secunia.com/advisories/17184
http://secunia.com/advisories/17448
http://secunia.com/advisories/17451
http://secunia.com/advisories/17501
http://secunia.com/advisories/17559
SuSE Security Announcement: SUSE-SR:2005:026
Common Vulnerability Exposure (CVE) ID: CVE-2005-3303
BugTraq ID: 15318
http://www.securityfocus.com/bid/15318
Bugtraq: 20051104 ZDI-05-002: Clam Antivirus Remote Code Execution
http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
http://www.osvdb.org/20482
http://secunia.com/advisories/17434
http://securityreason.com/securityalert/146
http://www.vupen.com/english/advisories/2005/2294
Common Vulnerability Exposure (CVE) ID: CVE-2005-3500
BugTraq ID: 15316
http://www.securityfocus.com/bid/15316
http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities
http://www.osvdb.org/20483
http://securityreason.com/securityalert/152
Common Vulnerability Exposure (CVE) ID: CVE-2005-3501
BugTraq ID: 15317
http://www.securityfocus.com/bid/15317
http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities
http://www.osvdb.org/20484
http://securityreason.com/securityalert/150
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
