Test ID:	1.3.6.1.4.1.25623.1.0.71648
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1482-1 (clamav)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to clamav announced via advisory USN-1482-1. Details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1 Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4 http://www.securityspace.com/smysecure/catid.html?in=USN-1482-1 CVSS Score: 4.3 CVSS Vector: AV:L/AC:H/Au:NR/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1457 BugTraq ID: 52610 http://www.securityfocus.com/bid/52610 Bugtraq: 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Google Search) http://www.securityfocus.com/archive/1/522005 http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 http://www.ieee-security.org/TC/SP2012/program.html http://osvdb.org/80389 http://osvdb.org/80391 http://osvdb.org/80392 http://osvdb.org/80393 http://osvdb.org/80395 http://osvdb.org/80396 http://osvdb.org/80403 http://osvdb.org/80406 http://osvdb.org/80407 http://osvdb.org/80409 SuSE Security Announcement: openSUSE-SU-2012:0833 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html XForce ISS Database: multiple-av-tar-length-evasion(74293) https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 Common Vulnerability Exposure (CVE) ID: CVE-2012-1459 BugTraq ID: 52623 http://www.securityfocus.com/bid/52623 http://osvdb.org/80390 XForce ISS Database: multiple-av-tar-header-evasion(74302) https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 Common Vulnerability Exposure (CVE) ID: CVE-2012-1458 BugTraq ID: 52611 http://www.securityfocus.com/bid/52611 http://osvdb.org/80473 http://osvdb.org/80474 XForce ISS Database: multiple-av-chm-header-evasion(74301) https://exchange.xforce.ibmcloud.com/vulnerabilities/74301
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.