 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.71451 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandriva Security Advisory MDVSA-2012:094 (clamav) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to clamav announced via advisory MDVSA-2012:094. This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues: The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations (CVE-2012-1457). The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations (CVE-2012-1458). The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations (CVE-2012-1459). Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:094 http://git.clamav.net/gitweb?p=clamav-devel.git a=blob_plain f=ChangeLog hb=clamav-0.97.5 Risk factor : High |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1457 BugTraq ID: 52610 http://www.securityfocus.com/bid/52610 Bugtraq: 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Google Search) http://www.securityfocus.com/archive/1/522005 http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 http://www.ieee-security.org/TC/SP2012/program.html http://osvdb.org/80389 http://osvdb.org/80391 http://osvdb.org/80392 http://osvdb.org/80393 http://osvdb.org/80395 http://osvdb.org/80396 http://osvdb.org/80403 http://osvdb.org/80406 http://osvdb.org/80407 http://osvdb.org/80409 SuSE Security Announcement: openSUSE-SU-2012:0833 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html XForce ISS Database: multiple-av-tar-length-evasion(74293) https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 Common Vulnerability Exposure (CVE) ID: CVE-2012-1458 BugTraq ID: 52611 http://www.securityfocus.com/bid/52611 http://osvdb.org/80473 http://osvdb.org/80474 XForce ISS Database: multiple-av-chm-header-evasion(74301) https://exchange.xforce.ibmcloud.com/vulnerabilities/74301 Common Vulnerability Exposure (CVE) ID: CVE-2012-1459 BugTraq ID: 52623 http://www.securityfocus.com/bid/52623 http://osvdb.org/80390 XForce ISS Database: multiple-av-tar-header-evasion(74302) https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |