French Security Incident Response Team

Mandriva Security Update Fixes Clamav "pefromupx()" Buffer Overflow Vulnerability


Title : Mandriva Security Update Fixes Clamav "pefromupx()" Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2006-3242
CVE ID : CVE-2006-4018
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-10

Advisory Details

 
Technical Description

Mandriva has released updated packages to address a vulnerability identified in Clamav [...]

Solution

Upgrade the affected packages:

Mandriva Linux 2006.0:
7160be474b24613a61e0544bc51f7f86 2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.i586.rpm
8eaf5d27daa93c18117d72991d04f6a2 2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.i586.rpm
27781d61cf85dd88b8d83586d4831e1c 2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.i586.rpm
ee41c72a28b45af3a8bc8a01b24680c1 2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.i586.rpm
0a9fb0940a123a7347920c22a9453282 2006.0/RPMS/libclamav1-0.88.4-0.1.20060mdk.i586.rpm
89af9807ff0787621c51c0a6cf2545a0 2006.0/RPMS/libclamav1-devel-0.88.4-0.1.20060mdk.i586.rpm
034456a7e7e5c583403c69b06fb2b7c0 2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
8fc81c2d735a98c48c84abc4654c947e x86_64/2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.x86_64.rpm
0b306fe32d6e833e1ac45bd485fa2e93 x86_64/2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.x86_64.rpm
fba26b042f08e0edbea94f26e3b0093e x86_64/2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.x86_64.rpm
50fc585d63d14daceeec889d52f4e1e1 x86_64/2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.x86_64.rpm
cf9e501d41c3951c158647aeb28a018f x86_64/2006.0/RPMS/lib64clamav1-0.88.4-0.1.20060mdk.x86_64.rpm
9734f7d218bf446ac403584198d035bd x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.4-0.1.20060mdk.x86_64.rpm
034456a7e7e5c583403c69b06fb2b7c0 x86_64/2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

Corporate 3.0:
8995669334c70e4abe03a130291ceee3 corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.i586.rpm
b4d5bb40c553484ece891b5ccf6b9946 corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.i586.rpm
beca95463cea696152f9b25f57fee24c corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.i586.rpm
35dd7bff362ed54c8e052ba3182bff91 corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.i586.rpm
620db7610ccc4c7b05d0580634217e14 corporate/3.0/RPMS/libclamav1-0.88.4-0.1.C30mdk.i586.rpm
943964d75379bfbf9db16aa44a6965a4 corporate/3.0/RPMS/libclamav1-devel-0.88.4-0.1.C30mdk.i586.rpm
2ae9a4d818dce236123140f9edbaa742 corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
873e244792ddb282ba7d5d3780644198 x86_64/corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.x86_64.rpm
45a538b5fc07847628b32f4346f4683e x86_64/corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.x86_64.rpm
5eef3b58eba440748a40d144adc9f36c x86_64/corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.x86_64.rpm
e2cb732e7b7a676a330784f2414d7700 x86_64/corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.x86_64.rpm
686e984920647ab725f6a79249673663 x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.4-0.1.C30mdk.x86_64.rpm
78e63226b709d850781813c2e5ea9b08 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.4-0.1.C30mdk.x86_64.rpm
2ae9a4d818dce236123140f9edbaa742 x86_64/corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm

ChangeLog

2006-08-10 : Initial release
