Test ID:	1.3.6.1.4.1.25623.1.0.56515
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: clamav
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: clamav clamav-devel CVE-2006-1614 Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-1615 Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. CVE-2006-1630 The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an 'invalid memory access.' Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1614 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html BugTraq ID: 17388 http://www.securityfocus.com/bid/17388 BugTraq ID: 17951 http://www.securityfocus.com/bid/17951 Bugtraq: 20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) (Google Search) http://www.securityfocus.com/archive/1/430405/100/0/threaded Cert/CC Advisory: TA06-132A http://www.us-cert.gov/cas/techalerts/TA06-132A.html Debian Security Information: DSA-1024 (Google Search) http://www.debian.org/security/2006/dsa-1024 http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 http://www.overflow.pl/adv/clamavupxinteger.txt http://www.osvdb.org/24457 http://securitytracker.com/id?1015887 http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 SuSE Security Announcement: SUSE-SA:2006:020 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://www.trustix.org/errata/2006/0020 http://www.vupen.com/english/advisories/2006/1258 http://www.vupen.com/english/advisories/2006/1779 XForce ISS Database: clamav-pe-overflow(25660) https://exchange.xforce.ibmcloud.com/vulnerabilities/25660 Common Vulnerability Exposure (CVE) ID: CVE-2006-1615 http://www.osvdb.org/24458 XForce ISS Database: clamav-output-format-string(25661) https://exchange.xforce.ibmcloud.com/vulnerabilities/25661 Common Vulnerability Exposure (CVE) ID: CVE-2006-1630 http://www.osvdb.org/24459 XForce ISS Database: clamav-others-dos(25662) https://exchange.xforce.ibmcloud.com/vulnerabilities/25662
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.