SUSE-SA:2006:078: clamav

high Nessus Plugin ID 24453

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:078 (clamav).


The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems:

CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference.

CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.

CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

Solution

http://www.novell.com/linux/security/advisories/2006_78_clamav.html

Plugin Details

Severity: High

ID: 24453

File Name: suse_SA_2006_078.nasl

Version: 1.11

Agent: unix

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list