Debian DSA-1024-1 : clamav - several vulnerabilities
Critical Nessus Plugin ID 22566
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral remote vulnerabilities have been discovered in the ClamAV anti-virus toolkit, which may lead to denial of service and potentially to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2006-1614 Damian Put discovered an integer overflow in the PE header parser. This is only exploitable if the ArchiveMaxFileSize option is disabled.
- CVE-2006-1615 Format string vulnerabilities in the logging code have been discovered, which might lead to the execution of arbitrary code.
- CVE-2006-1630 David Luyer discovered, that ClamAV can be tricked into an invalid memory access in the cli_bitset_set() function, which may lead to a denial of service.
SolutionUpgrade the clamav package.
The old stable distribution (woody) doesn't contain clamav packages.
For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.8.