Test ID:	1.3.6.1.4.1.25623.1.0.56515
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: clamav
Summary:	FreeBSD Ports: clamav
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: clamav clamav-devel CVE-2006-1614 Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-1615 Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. CVE-2006-1630 The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an 'invalid memory access.' Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/19534/ http://www.us.debian.org/security/2006/dsa-1024 http://www.vuxml.org/freebsd/6a5174bd-c580-11da-9110-00123ffe8333.html
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1614 Bugtraq: 20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) (Google Search) http://www.securityfocus.com/archive/1/archive/1/430405/100/0/threaded http://www.overflow.pl/adv/clamavupxinteger.txt http://lists.apple.com/archives/security-announce/2006/May/msg00003.html Debian Security Information: DSA-1024 (Google Search) http://www.debian.org/security/2006/dsa-1024 http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 SuSE Security Announcement: SUSE-SA:2006:020 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://www.trustix.org/errata/2006/0020 Cert/CC Advisory: TA06-132A http://www.us-cert.gov/cas/techalerts/TA06-132A.html BugTraq ID: 17388 http://www.securityfocus.com/bid/17388 BugTraq ID: 17951 http://www.securityfocus.com/bid/17951 http://www.vupen.com/english/advisories/2006/1258 http://www.vupen.com/english/advisories/2006/1779 http://www.osvdb.org/24457 http://securitytracker.com/id?1015887 http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 XForce ISS Database: clamav-pe-overflow(25660) http://xforce.iss.net/xforce/xfdb/25660 Common Vulnerability Exposure (CVE) ID: CVE-2006-1615 http://www.osvdb.org/24458 XForce ISS Database: clamav-output-format-string(25661) http://xforce.iss.net/xforce/xfdb/25661 Common Vulnerability Exposure (CVE) ID: CVE-2006-1630 http://www.osvdb.org/24459 XForce ISS Database: clamav-others-dos(25662) http://xforce.iss.net/xforce/xfdb/25662
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: