Test ID:	1.3.6.1.4.1.25623.1.0.57268
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2006-0046 (clamav, kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0046. clamav < TSL 3.0 > < TSL 2.2 > - New Upstream. - SECURITY Fix: Damian Put has discovered a vulnerability in ClamAV, which is caused due to an boundary error in the pefromupx() function in libclamav/upx.c when unpacking PE executable files compressed with UPX. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX compressed file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4018 this issue. kernel < TSL 3.0 > - New upstream. - SECURITY FIX: Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-3468 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0046 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4018 BugTraq ID: 19381 http://www.securityfocus.com/bid/19381 Bugtraq: 20060809 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (Google Search) http://www.securityfocus.com/archive/1/442681/100/0/threaded Debian Security Information: DSA-1153 (Google Search) http://www.debian.org/security/2006/dsa-1153 http://security.gentoo.org/glsa/glsa-200608-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:138 http://www.overflow.pl/adv/clamav_upx_heap.txt http://securitytracker.com/id?1016645 http://secunia.com/advisories/21368 http://secunia.com/advisories/21374 http://secunia.com/advisories/21433 http://secunia.com/advisories/21443 http://secunia.com/advisories/21457 http://secunia.com/advisories/21497 http://secunia.com/advisories/21562 SuSE Security Announcement: SUSE-SA:2006:046 (Google Search) http://www.novell.com/linux/security/advisories/2006_46_clamav.html http://www.trustix.org/errata/2006/0046/ http://www.vupen.com/english/advisories/2006/3175 http://www.vupen.com/english/advisories/2006/3275 XForce ISS Database: clamav-pefromupx-bo(28286) https://exchange.xforce.ibmcloud.com/vulnerabilities/28286 Common Vulnerability Exposure (CVE) ID: CVE-2006-3468 19396 http://www.securityfocus.com/bid/19396 2006-0046 21369 http://secunia.com/advisories/21369 21605 http://secunia.com/advisories/21605 21614 http://secunia.com/advisories/21614 21847 http://secunia.com/advisories/21847 21934 http://secunia.com/advisories/21934 22093 http://secunia.com/advisories/22093 22148 http://secunia.com/advisories/22148 22174 http://secunia.com/advisories/22174 22822 http://secunia.com/advisories/22822 DSA-1184 http://www.debian.org/security/2006/dsa-1184 MDKSA-2006:150 http://www.mandriva.com/security/advisories?name=MDKSA-2006:150 MDKSA-2006:151 http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 RHSA-2006:0617 http://www.redhat.com/support/errata/RHSA-2006-0617.html SUSE-SA:2006:057 http://www.novell.com/linux/security/advisories/2006_57_kernel.html SUSE-SA:2006:064 http://www.novell.com/linux/security/advisories/2006_64_kernel.html SUSE-SR:2006:021 http://www.novell.com/linux/security/advisories/2006_21_sr.html SUSE-SR:2006:022 http://www.novell.com/linux/security/advisories/2006_22_sr.html USN-346-1 http://www.ubuntu.com/usn/usn-346-1 http://lkml.org/lkml/2006/7/17/41 http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172 oval:org.mitre.oval:def:9809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.