Test ID:	1.3.6.1.4.1.25623.1.0.57537
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1196-1)
Summary:	The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1196-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1196-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4182 Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code. CVE-2006-5295 Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service. For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.11. Due to technical problems with the build host this update lacks a build for the Sparc architecture. It will be provided soon. For the unstable distribution (sid) these problems have been fixed in version 0.88.5-1. We recommend that you upgrade your clamav packages. Affected Software/OS: 'clamav' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4182 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html BugTraq ID: 20535 http://www.securityfocus.com/bid/20535 Cert/CC Advisory: TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html CERT/CC vulnerability note: VU#180864 http://www.kb.cert.org/vuls/id/180864 Debian Security Information: DSA-1196 (Google Search) http://www.debian.org/security/2006/dsa-1196 http://security.gentoo.org/glsa/glsa-200610-10.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422 http://www.mandriva.com/security/advisories?name=MDKSA-2006:184 http://securitytracker.com/id?1017068 http://secunia.com/advisories/22370 http://secunia.com/advisories/22421 http://secunia.com/advisories/22488 http://secunia.com/advisories/22498 http://secunia.com/advisories/22537 http://secunia.com/advisories/22551 http://secunia.com/advisories/22626 http://secunia.com/advisories/23155 SuSE Security Announcement: SUSE-SA:2006:060 (Google Search) http://www.novell.com/linux/security/advisories/2006_60_clamav.html http://www.vupen.com/english/advisories/2006/4034 http://www.vupen.com/english/advisories/2006/4136 http://www.vupen.com/english/advisories/2006/4264 http://www.vupen.com/english/advisories/2006/4750 XForce ISS Database: clamav-rebuildpe-bo(29607) https://exchange.xforce.ibmcloud.com/vulnerabilities/29607 Common Vulnerability Exposure (CVE) ID: CVE-2006-5295 BugTraq ID: 20537 http://www.securityfocus.com/bid/20537 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423 XForce ISS Database: clamav-chm-dos(29608) https://exchange.xforce.ibmcloud.com/vulnerabilities/29608
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.