Mandriva Update For Clamav MDKSA-2007:043 (clamav) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. (CVE-2007-0897) Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. (CVE-2007-0898) The update to 0.90 addresses these issues.

Affected

clamav on Mandriva Linux 2006.0, Mandriva Linux 2006.0/X86_64, Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64

Severity

Classification

CVE CVE-2007-0897, CVE-2007-0898
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:161-1 (squid)
Mandrake Security Advisory MDVSA-2009:181 (bind)
Mandrake Security Advisory MDVSA-2009:145 (php)

Mandriva Update for clamav MDKSA-2007:043 (clamav)

Take action and discover your vulnerabilities