ID de Prueba:	1.3.6.1.4.1.25623.1.0.63875
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:097 (clamav)
Resumen:	The remote host is missing an update to clamav;announced via advisory MDVSA-2009:097.
Descripción:	Summary: The remote host is missing an update to clamav announced via advisory MDVSA-2009:097. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code. This update provides clamav 0.95.1, which is not vulnerable to these issues. Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1241 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BugTraq ID: 34344 http://www.securityfocus.com/bid/34344 Bugtraq: 20090402 [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass (Google Search) http://www.securityfocus.com/archive/1/502366/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html http://www.openwall.com/lists/oss-security/2009/04/07/6 http://secunia.com/advisories/36701 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.vupen.com/english/advisories/2009/0934 Common Vulnerability Exposure (CVE) ID: CVE-2008-6680 BugTraq ID: 34357 http://www.securityfocus.com/bid/34357 Debian Security Information: DSA-1771 (Google Search) http://www.debian.org/security/2009/dsa-1771 http://secunia.com/advisories/34716 http://www.ubuntu.com/usn/usn-754-1 XForce ISS Database: clamav-exe-dos(49845) https://exchange.xforce.ibmcloud.com/vulnerabilities/49845 Common Vulnerability Exposure (CVE) ID: CVE-2009-1270 http://osvdb.org/53461 XForce ISS Database: clamav-untar-dos(49846) https://exchange.xforce.ibmcloud.com/vulnerabilities/49846 Common Vulnerability Exposure (CVE) ID: CVE-2009-1371 BugTraq ID: 34446 http://www.securityfocus.com/bid/34446 http://osvdb.org/53602 http://www.securitytracker.com/id?1022028 http://secunia.com/advisories/34612 http://secunia.com/advisories/34654 http://www.ubuntu.com/usn/usn-756-1 http://www.vupen.com/english/advisories/2009/0985 Common Vulnerability Exposure (CVE) ID: CVE-2009-1372 http://osvdb.org/53603
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.