Mandriva Linux Security Advisory : clamav (MDVSA-2008:166)
medium Nessus Plugin ID 38014
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a denial of service via a malformed Petite file that triggered an out-of-bounds memory access (CVE-2008-3215). This issue is corrected with the 0.93.3 release which is being provided.Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 38014
File Name: mandriva_MDVSA-2008-166.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Temporal Vector: E:U/RL:OF/RC:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:clamav, p-cpe:/a:mandriva:linux:clamav-db, p-cpe:/a:mandriva:linux:clamav-milter, p-cpe:/a:mandriva:linux:clamd, p-cpe:/a:mandriva:linux:lib64clamav-devel, p-cpe:/a:mandriva:linux:lib64clamav4, p-cpe:/a:mandriva:linux:libclamav-devel, p-cpe:/a:mandriva:linux:libclamav4, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 8/12/2008
Reference Information
CVE: CVE-2008-3215
MDVSA: 2008:166
CWE: 399