Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56529
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1024-1 (clamav)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to clamav
announced via advisory DSA 1024-1.

Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2006-1614

Damian Put discovered an integer overflow in the PE header parser.
This is only exploitable if the ArchiveMaxFileSize option is disabled.

CVE-2006-1615

Format string vulnerabilities in the logging code have been discovered,
which might lead to the execution of arbitrary code.

CVE-2006-1630

David Luyer discovered, that ClamAV can be tricked into an invalid
memory access in the cli_bitset_set() function, which may lead to
a denial of service.

The old stable distribution (woody) doesn't contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.8.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.1-1.

We recommend that you upgrade your clamav package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201024-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-1614
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
BugTraq ID: 17388
http://www.securityfocus.com/bid/17388
BugTraq ID: 17951
http://www.securityfocus.com/bid/17951
Bugtraq: 20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) (Google Search)
http://www.securityfocus.com/archive/1/430405/100/0/threaded
Cert/CC Advisory: TA06-132A
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
Debian Security Information: DSA-1024 (Google Search)
http://www.debian.org/security/2006/dsa-1024
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067
http://www.overflow.pl/adv/clamavupxinteger.txt
http://www.osvdb.org/24457
http://securitytracker.com/id?1015887
http://secunia.com/advisories/19534
http://secunia.com/advisories/19536
http://secunia.com/advisories/19564
http://secunia.com/advisories/19567
http://secunia.com/advisories/19570
http://secunia.com/advisories/19608
http://secunia.com/advisories/20077
http://secunia.com/advisories/23719
SuSE Security Announcement: SUSE-SA:2006:020 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html
http://www.trustix.org/errata/2006/0020
http://www.vupen.com/english/advisories/2006/1258
http://www.vupen.com/english/advisories/2006/1779
XForce ISS Database: clamav-pe-overflow(25660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25660
Common Vulnerability Exposure (CVE) ID: CVE-2006-1615
http://www.osvdb.org/24458
XForce ISS Database: clamav-output-format-string(25661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661
Common Vulnerability Exposure (CVE) ID: CVE-2006-1630
http://www.osvdb.org/24459
XForce ISS Database: clamav-others-dos(25662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25662
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.