Test ID:	60833
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: clamav
Summary:	FreeBSD Ports: clamav
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: clamav clamav-devel CVE-2008-1100 Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. CVE-2008-1387 ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/29000 http://www.vuxml.org/freebsd/589d8053-0b03-11dd-b4ef-00e07dc4ec84.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1100 http://secunia.com/secunia_research/2008-11/advisory/ http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html Debian Security Information: DSA-1549 (Google Search) http://www.debian.org/security/2008/dsa-1549 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html http://security.gentoo.org/glsa/glsa-200805-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 SuSE Security Announcement: SUSE-SA:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html CERT/CC vulnerability note: VU#858595 http://www.kb.cert.org/vuls/id/858595 BugTraq ID: 28756 http://www.securityfocus.com/bid/28756 BugTraq ID: 28784 http://www.securityfocus.com/bid/28784 http://www.vupen.com/english/advisories/2008/1218/references http://www.vupen.com/english/advisories/2008/2584 http://www.securitytracker.com/id?1019837 http://secunia.com/advisories/29000 http://secunia.com/advisories/29863 http://secunia.com/advisories/29891 http://secunia.com/advisories/29886 http://secunia.com/advisories/29975 http://secunia.com/advisories/30253 http://secunia.com/advisories/30328 http://secunia.com/advisories/31882 XForce ISS Database: clamav-cliscanpe-bo(41789) http://xforce.iss.net/xforce/xfdb/41789 Common Vulnerability Exposure (CVE) ID: CVE-2008-1387 Bugtraq: 20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387 (Google Search) http://www.securityfocus.com/archive/1/archive/1/490863/100/0/threaded http://int21.de/cve/CVE-2008-1387-clamav.html http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ BugTraq ID: 28782 http://www.securityfocus.com/bid/28782 http://www.vupen.com/english/advisories/2008/1227/references http://secunia.com/advisories/31576 XForce ISS Database: clamav-arj-unspecified-dos(41822) http://xforce.iss.net/xforce/xfdb/41822
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 24808 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: