Gentoo Security Advisory GLSA 200612-15 (vlnx) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200612-15.

Solution

As VirusScan verifies that it has not been modified before executing, it is not possible to correct the DT_RPATH. Furthermore, this would violate the license that VirusScan is distributed under. For this reason, the package has been masked in Portage pending the resolution of this issue. # emerge --ask --verbose --unmerge 'app-antivirus/vlnx' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-15 http://bugs.gentoo.org/show_bug.cgi?id=156989

Insight

McAfee VirusScan for Linux is distributed with an insecure DT_RPATH, potentially allowing a remote attacker to execute arbitrary code.

Severity

Classification

CVE CVE-2006-6474

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200403-12 (openldap)
Gentoo Security Advisory GLSA 200406-11 (horde-imp)
Gentoo Security Advisory GLSA 200501-45 (gallery)
Gentoo Security Advisory GLSA 200411-25 (SquirrelMail)
Gentoo Security Advisory GLSA 200406-15 (Usermin)

Take action and discover your vulnerabilities