Test ID:	1.3.6.1.4.1.25623.1.0.56161
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLSA-2005:1044
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLSA-2005:1044. A new version of Clamav has been released[2] to address the following vulnerabilities: CVE-2005-3239 The OLE2 unpacker in clamd allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree. CVE-2005-3303 The FSG unpacker allows remote attackers to cause denial of service (memory corruption) and execute arbitrary code via a specially crafted FSG 1.33 file. CVE-2005-3500 The tnef_attachment() function allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a specially crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. CVE-2005-3501 Another vulnerability related to CAB files also allows remote attackers to cause a denial of service (infinite loop). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001044 http://www.clamav.net/ http://sourceforge.net/project/shownotes.php?release_id=356974 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3239 BugTraq ID: 15101 http://www.securityfocus.com/bid/15101 Debian Security Information: DSA-887 (Google Search) http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 http://www.osvdb.org/20536 http://securitytracker.com/id?1015154 http://secunia.com/advisories/17184 http://secunia.com/advisories/17448 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 http://secunia.com/advisories/17559 SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2005-3303 BugTraq ID: 15318 http://www.securityfocus.com/bid/15318 Bugtraq: 20051104 ZDI-05-002: Clam Antivirus Remote Code Execution (Google Search) http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html http://www.zerodayinitiative.com/advisories/ZDI-05-002.html http://www.osvdb.org/20482 http://secunia.com/advisories/17434 http://securityreason.com/securityalert/146 http://www.vupen.com/english/advisories/2005/2294 Common Vulnerability Exposure (CVE) ID: CVE-2005-3500 BugTraq ID: 15316 http://www.securityfocus.com/bid/15316 http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities http://www.osvdb.org/20483 http://securityreason.com/securityalert/152 Common Vulnerability Exposure (CVE) ID: CVE-2005-3501 BugTraq ID: 15317 http://www.securityfocus.com/bid/15317 http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities http://www.osvdb.org/20484 http://securityreason.com/securityalert/150
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.