Test ID:	1.3.6.1.4.1.25623.1.0.61367
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 1616-1 (clamav)
Summary:	The remote host is missing an update to clamav announced via advisory DSA 1616-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1616)' (OID: 1.3.6.1.4.1.25623.1.0.61369).
Description:	Summary: The remote host is missing an update to clamav announced via advisory DSA 1616-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1616)' (OID: 1.3.6.1.4.1.25623.1.0.61369). Vulnerability Insight: Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to fail open, facilitating a follow-on viral attack. The Common Vulnerabilities and Exposures project identifies this weakness as CVE-2008-2713. For the stable distribution (etch), this problem has been fixed in version 0.90.1dfsg-3etch13. For the unstable distribution (sid), the problem has been fixed in version 0.93.1.dfsg-1.1. Solution: We recommend that you upgrade your clamav packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2713 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html BugTraq ID: 29750 http://www.securityfocus.com/bid/29750 Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1616 (Google Search) http://www.debian.org/security/2008/dsa-1616 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html http://security.gentoo.org/glsa/glsa-200808-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:122 http://www.openwall.com/lists/oss-security/2008/06/15/2 http://www.openwall.com/lists/oss-security/2008/06/17/8 http://www.securitytracker.com/id?1020305 http://secunia.com/advisories/30657 http://secunia.com/advisories/30785 http://secunia.com/advisories/30829 http://secunia.com/advisories/30967 http://secunia.com/advisories/31091 http://secunia.com/advisories/31167 http://secunia.com/advisories/31206 http://secunia.com/advisories/31437 http://secunia.com/advisories/31576 http://secunia.com/advisories/31882 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html SuSE Security Announcement: SUSE-SR:2008:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://www.vupen.com/english/advisories/2008/1855/references http://www.vupen.com/english/advisories/2008/2584 XForce ISS Database: clamav-petite-dos(43133) https://exchange.xforce.ibmcloud.com/vulnerabilities/43133
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.