Test ID:	1.3.6.1.4.1.25623.1.0.56161
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLSA-2005:1044
Summary:	Conectiva Security Advisory CLSA-2005:1044
Description:	The remote host is missing updates announced in advisory CLSA-2005:1044. A new version of Clamav has been released[2] to address the following vulnerabilities: CVE-2005-3239 The OLE2 unpacker in clamd allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree. CVE-2005-3303 The FSG unpacker allows remote attackers to cause denial of service (memory corruption) and execute arbitrary code via a specially crafted FSG 1.33 file. CVE-2005-3500 The tnef_attachment() function allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a specially crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. CVE-2005-3501 Another vulnerability related to CAB files also allows remote attackers to cause a denial of service (infinite loop). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001044 http://www.clamav.net/ http://sourceforge.net/project/shownotes.php?release_id=356974 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3239 Debian Security Information: DSA-887 (Google Search) http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) BugTraq ID: 15101 http://www.securityfocus.com/bid/15101 http://www.osvdb.org/20536 http://securitytracker.com/id?1015154 http://secunia.com/advisories/17559 http://secunia.com/advisories/17184 http://secunia.com/advisories/17448 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 Common Vulnerability Exposure (CVE) ID: CVE-2005-3303 Bugtraq: 20051104 ZDI-05-002: Clam Antivirus Remote Code Execution (Google Search) http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html http://www.zerodayinitiative.com/advisories/ZDI-05-002.html BugTraq ID: 15318 http://www.securityfocus.com/bid/15318 http://www.vupen.com/english/advisories/2005/2294 http://www.osvdb.org/20482 http://secunia.com/advisories/17434 http://securityreason.com/securityalert/146 Common Vulnerability Exposure (CVE) ID: CVE-2005-3500 http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities BugTraq ID: 15316 http://www.securityfocus.com/bid/15316 http://www.osvdb.org/20483 http://securityreason.com/securityalert/152 Common Vulnerability Exposure (CVE) ID: CVE-2005-3501 http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities BugTraq ID: 15317 http://www.securityfocus.com/bid/15317 http://www.osvdb.org/20484 http://securityreason.com/securityalert/150
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: