Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en ClamAV |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Denegación de Servicio |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | ClamAV <0.68.1 |
Descripción |
|
Múltiples vulnerabilidades en las versiones anteriores a la 0.68.1 de ClamAV. Las vulnerabilidades son descritas a continuación: - CAN-2005-2056: Vulnerabilidad en las rutinas del descompresor Quantum podría permitir a un atacante remoto provocar una situación de denegación de servicio de ClamAV. - CAN-2005-2070: Vulnerabilidad en el plugin ClamAV Mail Filter utilizado en sendmail podría permitir a un atacante remoto provocar una situación de denegación de servicio. |
|
Solución |
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software ClamAV ClamAV 0.86.1 http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=337279 SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-0.86.1-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-db-0.86.1-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-db-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/clamav-0.86.1-0.1.src.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-0.86.1-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-db-0.86.1-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-db-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/clamav-0.86.1-0.1.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/clamav-0.86.1-0.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/clamav-0.86.1-0.2.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/clamav-0.86.1-0.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/clamav-0.86.1-0.2.src.rpm Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.dsc http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.diff.gz http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.1_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.1_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.1_all.deb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_alpha.deb arm architecture (ARM) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_arm.deb hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_hppa.deb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_i386.deb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_ia64.deb m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_m68k.deb mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mips.deb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mipsel.deb powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_powerpc.deb s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_s390.deb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_sparc.deb Mandriva Linux Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-db-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamd-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libclamav1-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libclamav1-devel-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-db-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamd-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64clamav1-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64clamav1-devel-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libclamav1-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libclamav1-devel-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64clamav1-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-db-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamd-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libclamav1-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libclamav1-devel-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-db-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamd-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64clamav1-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64clamav1-devel-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm Debian Debian Linux 3.1 AMD64 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_amd64.deb |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE |
CAN-2005-2056 CAN-2005-2070 |
BID | |
Recursos adicionales |
|
SUSE Security Announcement SUSE-SA:2005:038 http://www.novell.com/linux/security/advisories/2005_38_clamav.html Debian Security Advisory DSA 737-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00122.html Mandriva Security Advisories MDKSA-2005:113 http://www.mandriva.com/security/advisories?name=MDKSA-2005:113 Debian Security Advisory DSA 773-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2005-07-01 |
1.1 | Aviso emitido por Debian (DSA 737-1) | 2005-07-06 |
1.2 | Aviso emitido por Mandriva (MDKSA-2005:113) | 2005-07-12 |
1.3 | Aviso emitido por Debian (DSA 773-1) | 2005-08-31 |