Test ID:	1.3.6.1.4.1.25623.1.0.58118
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1263-1)
Summary:	The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1263-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1263-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0897 It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service. CVE-2007-0898 It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service. For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.15. For the upcoming stable distribution (etch) these problems have been fixed in version 0.88.7-2. For the unstable distribution (sid) these problems have been fixed in version 0.90-1. We recommend that you upgrade your clamav packages. Affected Software/OS: 'clamav' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0897 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 22580 http://www.securityfocus.com/bid/22580 Debian Security Information: DSA-1263 (Google Search) http://www.debian.org/security/2007/dsa-1263 http://security.gentoo.org/glsa/glsa-200703-03.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 http://www.mandriva.com/security/advisories?name=MDKSA-2007:043 http://osvdb.org/32283 http://www.securitytracker.com/id?1017659 http://secunia.com/advisories/24183 http://secunia.com/advisories/24187 http://secunia.com/advisories/24192 http://secunia.com/advisories/24319 http://secunia.com/advisories/24332 http://secunia.com/advisories/24425 http://secunia.com/advisories/29420 SuSE Security Announcement: SUSE-SA:2007:017 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html http://www.vupen.com/english/advisories/2007/0623 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: clamav-cabfile-dos(32531) https://exchange.xforce.ibmcloud.com/vulnerabilities/32531 Common Vulnerability Exposure (CVE) ID: CVE-2007-0898 BugTraq ID: 22581 http://www.securityfocus.com/bid/22581 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476 http://osvdb.org/32282 http://www.securitytracker.com/id?1017660 XForce ISS Database: clamav-mimeheader-directory-traversal(32535) https://exchange.xforce.ibmcloud.com/vulnerabilities/32535 Common Vulnerability Exposure (CVE) ID: CVE-2007-0899 https://security-tracker.debian.org/tracker/CVE-2007-0899
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.