FreeBSD Ports: Clamav Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml http://www.vuxml.org/freebsd/271498a9-2cd4-11da-a263-0001020eed82.html

Insight

The following packages are affected: clamav clamav-devel CVE-2005-2919 libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable. CVE-2005-2920 Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.

Severity

Classification

CVE CVE-2005-2919, CVE-2005-2920

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: cacti
FreeBSD Ports: chromium
django -- multiple vulnerabilities
FreeBSD Ports: corkscrew
FreeBSD Ports: apache+mod_ssl

FreeBSD Ports: clamav

Take action and discover your vulnerabilities