Test ID:	1.3.6.1.4.1.25623.1.0.58562
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:172 (clamav)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to clamav announced via advisory MDKSA-2007:172. A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510). A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call (CVE-2007-4560). Other bugs have also been corrected in 0.91.2 which is being provided with this update. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:172 Risk factor : High CVSS Score: 7.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4510 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 25398 http://www.securityfocus.com/bid/25398 Debian Security Information: DSA-1366 (Google Search) http://www.debian.org/security/2007/dsa-1366 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html http://security.gentoo.org/glsa/glsa-200709-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:172 http://secunia.com/advisories/26530 http://secunia.com/advisories/26552 http://secunia.com/advisories/26654 http://secunia.com/advisories/26674 http://secunia.com/advisories/26683 http://secunia.com/advisories/26751 http://secunia.com/advisories/26822 http://secunia.com/advisories/26916 http://secunia.com/advisories/29420 http://securityreason.com/securityalert/3054 SuSE Security Announcement: SUSE-SR:2007:018 (Google Search) http://www.novell.com/linux/security/advisories/2007_18_sr.html http://www.trustix.org/errata/2007/0026/ http://www.vupen.com/english/advisories/2007/2952 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: clamav-clihtmlnormalise-dos(36177) https://exchange.xforce.ibmcloud.com/vulnerabilities/36177 XForce ISS Database: clamav-rtf-dos(36173) https://exchange.xforce.ibmcloud.com/vulnerabilities/36173 Common Vulnerability Exposure (CVE) ID: CVE-2007-4560 BugTraq ID: 25439 http://www.securityfocus.com/bid/25439 Bugtraq: 20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory (Google Search) http://www.securityfocus.com/archive/1/477723/100/0/threaded http://www.nruns.com/security_advisory_clamav_remote_code_exection.php http://www.securitytracker.com/id?1018610 http://securityreason.com/securityalert/3063
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.