ID de Prueba:	1.3.6.1.4.1.25623.1.0.58562
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:172 (clamav)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to clamav announced via advisory MDKSA-2007:172. A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510). A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call (CVE-2007-4560). Other bugs have also been corrected in 0.91.2 which is being provided with this update. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:172 Risk factor : High CVSS Score: 7.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4510 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 25398 http://www.securityfocus.com/bid/25398 Debian Security Information: DSA-1366 (Google Search) http://www.debian.org/security/2007/dsa-1366 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html http://security.gentoo.org/glsa/glsa-200709-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:172 http://secunia.com/advisories/26530 http://secunia.com/advisories/26552 http://secunia.com/advisories/26654 http://secunia.com/advisories/26674 http://secunia.com/advisories/26683 http://secunia.com/advisories/26751 http://secunia.com/advisories/26822 http://secunia.com/advisories/26916 http://secunia.com/advisories/29420 http://securityreason.com/securityalert/3054 SuSE Security Announcement: SUSE-SR:2007:018 (Google Search) http://www.novell.com/linux/security/advisories/2007_18_sr.html http://www.trustix.org/errata/2007/0026/ http://www.vupen.com/english/advisories/2007/2952 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: clamav-clihtmlnormalise-dos(36177) https://exchange.xforce.ibmcloud.com/vulnerabilities/36177 XForce ISS Database: clamav-rtf-dos(36173) https://exchange.xforce.ibmcloud.com/vulnerabilities/36173 Common Vulnerability Exposure (CVE) ID: CVE-2007-4560 BugTraq ID: 25439 http://www.securityfocus.com/bid/25439 Bugtraq: 20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory (Google Search) http://www.securityfocus.com/archive/1/477723/100/0/threaded http://www.nruns.com/security_advisory_clamav_remote_code_exection.php http://www.securitytracker.com/id?1018610 http://securityreason.com/securityalert/3063
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.