ID de Prueba:	1.3.6.1.4.1.25623.1.0.68577
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:249 (clamav)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to clamav announced via advisory MDVSA-2010:249. Multiple vulnerabilities were discovered and corrected in clamav: Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document (CVE-2010-4260, (CVE-2010-4479). Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information (CVE-2010-4261). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated clamav packages have been upgraded to the 0.96.5 version that is not vulnerable to these issues. Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:249 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4260 1024818 http://www.securitytracker.com/id?1024818 42426 http://secunia.com/advisories/42426 42523 http://secunia.com/advisories/42523 42555 http://secunia.com/advisories/42555 42720 http://secunia.com/advisories/42720 45152 http://www.securityfocus.com/bid/45152 ADV-2010-3135 http://www.vupen.com/english/advisories/2010/3135 ADV-2010-3137 http://www.vupen.com/english/advisories/2010/3137 ADV-2010-3185 http://www.vupen.com/english/advisories/2010/3185 APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html FEDORA-2010-18564 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html FEDORA-2010-18568 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html MDVSA-2010:249 http://www.mandriva.com/security/advisories?name=MDVSA-2010:249 SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html USN-1031-1 http://www.ubuntu.com/usn/USN-1031-1 [oss-security] 20101203 Re: clamav 0.96.5 released http://openwall.com/lists/oss-security/2010/12/03/3 http://openwall.com/lists/oss-security/2010/12/03/6 [oss-security] 20101203 clamav 0.96.5 released http://openwall.com/lists/oss-security/2010/12/03/1 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=master http://support.apple.com/kb/HT4581 http://xorl.wordpress.com/2010/12/06/cve-2010-4260-clamav-multiple-pdf-vulnerabilities/ https://bugzilla.redhat.com/show_bug.cgi?id=659861 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2358 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2396 Common Vulnerability Exposure (CVE) ID: CVE-2010-4479 BugTraq ID: 45152 SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2010-4261 http://xorl.wordpress.com/2010/12/05/cve-2010-4261-clamav-icon_cb-off-by-one/ https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2344
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.