Mandriva Update For Clamav MDKSA-2007:172 (clamav) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510). A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call (CVE-2007-4560). Other bugs have also been corrected in 0.91.2 which is being provided with this update.

Affected

clamav on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

References

http://lists.mandriva.com/security-announce/2007-09/msg00000.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-4510, CVE-2007-4560
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
Mandrake Security Advisory MDVSA-2009:103 (udev)
Mandrake Security Advisory MDVSA-2009:166 (c-client)
Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:005 (xterm)

Mandriva Update for clamav MDKSA-2007:172 (clamav)

Take action and discover your vulnerabilities