Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:122 (clamav)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70101

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:122 (clamav)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to clamav
announced via advisory MDVSA-2011:122.

A vulnerability has been discovered and corrected in clamav:

Off-by-one error in the cli_hm_scan function in matcher-hash.c in
libclamav in ClamAV before 0.97.2 allows remote attackers to cause
a denial of service (daemon crash) via an e-mail message that is not
properly handled during certain hash calculations (CVE-2011-2721).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 0.97.2 version which
is not vulnerable to this issue.

Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:122

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2721
1025858
http://securitytracker.com/id?1025858
45382
http://secunia.com/advisories/45382
46717
http://secunia.com/advisories/46717
48891
http://www.securityfocus.com/bid/48891
74181
http://www.osvdb.org/74181
FEDORA-2011-15033
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
FEDORA-2011-15076
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
FEDORA-2011-15119
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
MDVSA-2011:122
http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
USN-1179-1
http://www.ubuntu.com/usn/USN-1179-1
[oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
http://www.openwall.com/lists/oss-security/2011/07/26/3
[oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
http://www.openwall.com/lists/oss-security/2011/07/26/13
clamav-scan-dos(68785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
https://bugzilla.novell.com/show_bug.cgi?id=708263
https://bugzilla.redhat.com/show_bug.cgi?id=725694
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70101
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:122 (clamav)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to clamav announced via advisory MDVSA-2011:122. A vulnerability has been discovered and corrected in clamav: Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations (CVE-2011-2721). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to the 0.97.2 version which is not vulnerable to this issue. Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:122 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2721 1025858 http://securitytracker.com/id?1025858 45382 http://secunia.com/advisories/45382 46717 http://secunia.com/advisories/46717 48891 http://www.securityfocus.com/bid/48891 74181 http://www.osvdb.org/74181 FEDORA-2011-15033 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html FEDORA-2011-15076 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html FEDORA-2011-15119 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html MDVSA-2011:122 http://www.mandriva.com/security/advisories?name=MDVSA-2011:122 USN-1179-1 http://www.ubuntu.com/usn/USN-1179-1 [oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes http://www.openwall.com/lists/oss-security/2011/07/26/3 [oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes http://www.openwall.com/lists/oss-security/2011/07/26/13 clamav-scan-dos(68785) https://exchange.xforce.ibmcloud.com/vulnerabilities/68785 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5 https://bugzilla.novell.com/show_bug.cgi?id=708263 https://bugzilla.redhat.com/show_bug.cgi?id=725694 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com