This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
ClamAV team reports :
A heap overflow vulnerability was discovered in libclamav which could
cause a denial of service or allow the execution of arbitrary code.
The problem is specifically located in the PE file rebuild function
used by the UPX unpacker.
Relevant code from libclamav/upx.c :
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);
    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return
Due to improper validation it is possible to overflow the above
memcpy() beyond the allocated memory block.
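An added example, not code from libclamav or from the advisory: the same copy step with the length validated before memcpy() runs. The names finish_rebuild, try_rebuild and newbuf_len are hypothetical, and the code assumes *dsize holds the capacity of dst on entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libclamav code. Assumptions: on entry *dsize is
 * the capacity of dst, and newbuf_len is the allocated size of newbuf.
 * Takes ownership of newbuf. Returns 0 on success, -1 if rejected. */
int finish_rebuild(char *dst, uint32_t *dsize,
                   char *newbuf, size_t newbuf_len, uint32_t foffset)
{
    int rc = -1;
    if (dst && dsize && newbuf &&
        foffset <= *dsize &&       /* the write stays inside dst */
        foffset <= newbuf_len) {   /* the read stays inside newbuf */
        memcpy(dst, newbuf, foffset);
        *dsize = foffset;
        rc = 0;
    }
    free(newbuf);                  /* freed on both paths; free(NULL) is a no-op */
    return rc;
}

/* Constructed driver: returns the new *dsize, or -1 when the copy is refused. */
long try_rebuild(uint32_t dst_cap, size_t src_len, uint32_t foffset)
{
    char *dst = malloc(dst_cap ? dst_cap : 1);
    char *src = malloc(src_len ? src_len : 1);
    uint32_t dsize = dst_cap;
    long out = -1;
    if (dst && src) {
        memset(src, 'A', src_len);
        if (finish_rebuild(dst, &dsize, src, src_len, foffset) == 0)
            out = (long)dsize;
        src = NULL;                /* ownership passed to finish_rebuild */
    }
    free(src);
    free(dst);
    return out;
}

int main(void)
{
    printf("fits:            %ld\n", try_rebuild(64, 128, 32));
    printf("one past dst:    %ld\n", try_rebuild(64, 128, 65));
    printf("past newbuf:     %ld\n", try_rebuild(256, 128, 200));
    printf("huge file value: %ld\n", try_rebuild(64, 128, 0xFFFFFFFFu));
    return 0;
}
```

A length taken from the file is refused when it exceeds either buffer, so a malformed sample fails the rebuild instead of writing past the heap block.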
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5