Ubuntu USN-754-1 (clamav) Network Vulnerability

Summary

The remote host is missing an update to clamav announced via advisory USN-754-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav5 0.94.dfsg.2-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-754-1

Insight

It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero).

Severity

Classification

CVE CVE-2008-6680, CVE-2009-1270

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Ubuntu Update for exiv2 vulnerabilities USN-655-1
Ubuntu Update for dhcp vulnerability USN-531-1
Ubuntu Update for curl USN-1346-1
Ubuntu Update for coreutils USN-2473-1
Ubuntu Update for emacs21, emacs22 vulnerabilities USN-607-1

Take action and discover your vulnerabilities