Test ID:	1.3.6.1.4.1.25623.1.0.57250
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2006:138 (clamav)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to clamav announced via advisory MDKSA-2006:138. Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clamd. Updated packages have been patched to correct this issue. Affected: 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:138 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4018 BugTraq ID: 19381 http://www.securityfocus.com/bid/19381 Bugtraq: 20060809 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (Google Search) http://www.securityfocus.com/archive/1/442681/100/0/threaded Debian Security Information: DSA-1153 (Google Search) http://www.debian.org/security/2006/dsa-1153 http://security.gentoo.org/glsa/glsa-200608-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:138 http://www.overflow.pl/adv/clamav_upx_heap.txt http://securitytracker.com/id?1016645 http://secunia.com/advisories/21368 http://secunia.com/advisories/21374 http://secunia.com/advisories/21433 http://secunia.com/advisories/21443 http://secunia.com/advisories/21457 http://secunia.com/advisories/21497 http://secunia.com/advisories/21562 SuSE Security Announcement: SUSE-SA:2006:046 (Google Search) http://www.novell.com/linux/security/advisories/2006_46_clamav.html http://www.trustix.org/errata/2006/0046/ http://www.vupen.com/english/advisories/2006/3175 http://www.vupen.com/english/advisories/2006/3275 XForce ISS Database: clamav-pefromupx-bo(28286) https://exchange.xforce.ibmcloud.com/vulnerabilities/28286
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.