1 2 3 4 5 6

Vulnerabilidades rss pdf

Coordinación de Seguridad de la Información - UNAM-CERT -- DGTIC-UNAM

Vulnerabilidad de Seguridad UNAM-CERT-2005-338 Actualización de Debian para Clamav.

Debian liberó una actualización para Clamav. Esta repara varias vulnerabilidades que pueden explotarse para ocasionar una negación de servicio (DoS) o comprometer un sistema vulnerable.

  • Fecha de Liberación: 16-Ago-2005
  • Fuente:

    Debian Security Advisory
    DSA-776-1 Clamav
  • CVE ID: CAN-2005-2450
  • Riesgo Altamente crítico
  • Problema de Vulnerabilidad Remoto
  • Tipo de Vulnerabilidad Buffer overflow

Sistemas Afectados

Debian GNU/Linux 3.1 alias sarge Clam AntiVirus (clamav) < 0.84.2

  1. Descripción

    Debian liberó una actualización para Clamav. Esta repara varias vulnerabilidades que pueden explotarse por personas maliciosas para ocasionar una negación de servicio (DoS) o comprometer un sistema vulnerable.

    • Neel Mehta y Alex Wheeler encontrarón que Clam Anti Virus es vulnerable a desbordamientos de variable cuando maneja archivos con formato TNEF, CHM y FSG.

      Ver:
      Múltiples vulnerabilidades en Clam AntiVirus.

    • Además, Mark Pizzolato reparó un posible ciclo infinito que podría causar una negación de servico.

  2. Impacto

    Negación de servicio (DoS).

    Acceso al sistema.

  3. Solución

    Aplicar los paquetes actualizados.

    Debian GNU/Linux 3.1 (sarge)

    Source:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2.dsc
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2.diff.gz
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz

    Componentes para arquitectura independiente:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.2_all.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.2_all.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.2_all.deb

    Alpha:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_alpha.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_alpha.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_alpha.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_alpha.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_alpha.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_alpha.deb

    AMD64:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_amd64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_amd64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_amd64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_amd64.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_amd64.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_amd64.deb

    ARM:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_arm.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_arm.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_arm.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_arm.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_arm.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_arm.deb

    Intel IA-32:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_i386.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_i386.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_i386.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_i386.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_i386.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_i386.deb

    Intel IA-64:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_ia64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_ia64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_ia64.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_ia64.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_ia64.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_ia64.deb

    HPPA:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_hppa.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_hppa.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_hppa.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_hppa.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_hppa.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_hppa.deb

    Motorola 680x0:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_m68k.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_m68k.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_m68k.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_m68k.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_m68k.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_m68k.deb

    Big endian MIPS:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_mips.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_mips.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_mips.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_mips.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_mips.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_mips.deb

    Little endian MIPS:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_mipsel.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_mipsel.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_mipsel.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_mipsel.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_mipsel.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_mipsel.deb

    PowerPC:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_powerpc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_powerpc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_powerpc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_powerpc.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_powerpc.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_powerpc.deb

    IBM S/390:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_s390.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_s390.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_s390.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_s390.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_s390.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_s390.deb

    Sun Sparc:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_sparc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_sparc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_sparc.deb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_sparc.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_sparc.deb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_sparc.deb

  4. Apéndices

    Mayor información.

    http://www.debian.org/
    http://www.seguridad.unam.mx/vulnerabilidades/

La Coordinación de Seguridad de la Información/UNAM-CERT agradece el apoyo en la elaboración ó traducción y revisión de éste Documento a:

  • Floriberto López Velázquez (flopez at seguridad dot unam dot mx)

UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información

incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47

Universidad Nacional Autonoma de México Aviso legal |  Créditos |  Staff |  Administración
Copyright © Todos los derechos reservados
UNAM - CERT