Boletines de Vulnerabilidades

int(1672)

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en ClamAV
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Denegación de Servicio
Dificultad	Experto
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio exotico
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	ClamAV <0.68.1
Descripción
Múltiples vulnerabilidades en las versiones anteriores a la 0.68.1 de ClamAV. Las vulnerabilidades son descritas a continuación: - CAN-2005-2056: Vulnerabilidad en las rutinas del descompresor Quantum podría permitir a un atacante remoto provocar una situación de denegación de servicio de ClamAV. - CAN-2005-2070: Vulnerabilidad en el plugin ClamAV Mail Filter utilizado en sendmail podría permitir a un atacante remoto provocar una situación de denegación de servicio.
Solución
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software ClamAV ClamAV 0.86.1 http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=337279 SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-0.86.1-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-db-0.86.1-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-db-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/clamav-0.86.1-0.1.src.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-0.86.1-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-db-0.86.1-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-db-0.86.1-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/clamav-0.86.1-0.1.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/clamav-0.86.1-0.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/clamav-0.86.1-0.2.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/clamav-0.86.1-0.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/clamav-0.86.1-0.2.src.rpm Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.dsc http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.diff.gz http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.1_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.1_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.1_all.deb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_alpha.deb arm architecture (ARM) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_arm.deb hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_hppa.deb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_i386.deb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_ia64.deb m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_m68k.deb mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mips.deb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mipsel.deb powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_powerpc.deb s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_s390.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_s390.deb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_sparc.deb Mandriva Linux Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-db-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/clamd-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libclamav1-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libclamav1-devel-0.81-0.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-db-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/clamd-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64clamav1-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64clamav1-devel-0.81-0.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libclamav1-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libclamav1-devel-0.81-0.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64clamav1-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.81-0.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-db-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/clamd-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libclamav1-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libclamav1-devel-0.83-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-db-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/clamd-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64clamav1-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64clamav1-devel-0.83-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm Debian Debian Linux 3.1 AMD64 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_amd64.deb
Identificadores estándar
Propiedad	Valor
CVE	CAN-2005-2056 CAN-2005-2070
BID
Recursos adicionales
SUSE Security Announcement SUSE-SA:2005:038 http://www.novell.com/linux/security/advisories/2005_38_clamav.html Debian Security Advisory DSA 737-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00122.html Mandriva Security Advisories MDKSA-2005:113 http://www.mandriva.com/security/advisories?name=MDKSA-2005:113 Debian Security Advisory DSA 773-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2005-07-01
1.1	Aviso emitido por Debian (DSA 737-1)	2005-07-06
1.2	Aviso emitido por Mandriva (MDKSA-2005:113)	2005-07-12
1.3	Aviso emitido por Debian (DSA 773-1)	2005-08-31

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en ClamAV

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones