Ubuntu Local Security Checks : Ubuntu Update for clamav USN-1482-3

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.841117

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for clamav USN-1482-3

Resumen: Ubuntu Update for Linux kernel vulnerabilities USN-1482-3

Descripción: Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1482-3

Vulnerability Insight:
USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could
fail to properly scan files in some situations. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled certain malformed TAR
archives. A remote attacker could create a specially-crafted TAR file
containing malware that could escape being detected. (CVE-2012-1457,
CVE-2012-1459)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could create a specially-crafted CHM file
containing malware that could escape being detected. (CVE-2012-1458)

Affected Software/OS:
clamav on Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 11.04

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1457
BugTraq ID: 52610
http://www.securityfocus.com/bid/52610
Bugtraq: 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Google Search)
http://www.securityfocus.com/archive/1/522005
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
http://www.ieee-security.org/TC/SP2012/program.html
http://osvdb.org/80389
http://osvdb.org/80391
http://osvdb.org/80392
http://osvdb.org/80393
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80403
http://osvdb.org/80406
http://osvdb.org/80407
http://osvdb.org/80409
SuSE Security Announcement: openSUSE-SU-2012:0833 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
XForce ISS Database: multiple-av-tar-length-evasion(74293)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74293
Common Vulnerability Exposure (CVE) ID: CVE-2012-1459
BugTraq ID: 52623
http://www.securityfocus.com/bid/52623
http://osvdb.org/80390
XForce ISS Database: multiple-av-tar-header-evasion(74302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74302
Common Vulnerability Exposure (CVE) ID: CVE-2012-1458
BugTraq ID: 52611
http://www.securityfocus.com/bid/52611
http://osvdb.org/80473
http://osvdb.org/80474
XForce ISS Database: multiple-av-chm-header-evasion(74301)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74301

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.841117
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for clamav USN-1482-3
Resumen:	Ubuntu Update for Linux kernel vulnerabilities USN-1482-3
Descripción:	Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1482-3 Vulnerability Insight: USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458) Affected Software/OS: clamav on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1457 BugTraq ID: 52610 http://www.securityfocus.com/bid/52610 Bugtraq: 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Google Search) http://www.securityfocus.com/archive/1/522005 http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 http://www.ieee-security.org/TC/SP2012/program.html http://osvdb.org/80389 http://osvdb.org/80391 http://osvdb.org/80392 http://osvdb.org/80393 http://osvdb.org/80395 http://osvdb.org/80396 http://osvdb.org/80403 http://osvdb.org/80406 http://osvdb.org/80407 http://osvdb.org/80409 SuSE Security Announcement: openSUSE-SU-2012:0833 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html XForce ISS Database: multiple-av-tar-length-evasion(74293) https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 Common Vulnerability Exposure (CVE) ID: CVE-2012-1459 BugTraq ID: 52623 http://www.securityfocus.com/bid/52623 http://osvdb.org/80390 XForce ISS Database: multiple-av-tar-header-evasion(74302) https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 Common Vulnerability Exposure (CVE) ID: CVE-2012-1458 BugTraq ID: 52611 http://www.securityfocus.com/bid/52611 http://osvdb.org/80473 http://osvdb.org/80474 XForce ISS Database: multiple-av-chm-header-evasion(74301) https://exchange.xforce.ibmcloud.com/vulnerabilities/74301
Copyright	Copyright (c) 2012 Greenbone Networks GmbH