
Test ID: 1.3.6.1.4.1.25623.1.0.60430
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1497-1)
Summary: The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1497-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary code or local denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6595

It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files.

CVE-2008-0318

Silvio Cesare discovered an integer overflow in the parser for PE headers.

The version of clamav in the old stable distribution (sarge) is no longer supported with security updates.

For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-3etch10. In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution (non-free RAR handling code was removed).

We recommend that you upgrade your clamav packages.

Affected Software/OS:
'clamav' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-6595
BugTraq ID: 27064
http://www.securityfocus.com/bid/27064
Bugtraq: 20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV
http://www.securityfocus.com/archive/1/485631/100/0/threaded
Debian Security Information: DSA-1497
http://www.debian.org/security/2008/dsa-1497
http://security.gentoo.org/glsa/glsa-200808-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
http://securitytracker.com/id?1019148
http://secunia.com/advisories/28949
http://secunia.com/advisories/29891
http://secunia.com/advisories/31437
http://securityreason.com/securityalert/3501
SuSE Security Announcement: SUSE-SA:2008:024
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html
http://www.vupen.com/english/advisories/2008/0606
XForce ISS Database: clamantivirus-cligentempfd-symlink(39335)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39335
XForce ISS Database: clamantivirus-sigtool-file-overwrite(39339)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39339
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-0318
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 27751
http://www.securityfocus.com/bid/27751
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html
http://security.gentoo.org/glsa/glsa-200802-09.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
http://securitytracker.com/id?1019394
http://secunia.com/advisories/28907
http://secunia.com/advisories/28913
http://secunia.com/advisories/29001
http://secunia.com/advisories/29026
http://secunia.com/advisories/29048
http://secunia.com/advisories/29060
http://secunia.com/advisories/29420
SuSE Security Announcement: SUSE-SR:2008:004
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
http://www.vupen.com/english/advisories/2008/0503
http://www.vupen.com/english/advisories/2008/0924/references
Copyright: Copyright (C) 2008 Greenbone AG
