Full Disclosure mailing list archives
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Date: Tue, 12 Dec 2006 22:57:36 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200612-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: F-PROT Antivirus: Multiple vulnerabilities
      Date: December 12, 2006
      Bugs: #157612
        ID: 200612-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

F-Prot Antivirus contains a buffer overflow and other unspecified
vulnerabilities, possibly allowing the remote execution of arbitrary
code.

Background
==========

F-Prot Antivirus is a FRISK Software antivirus program that can be used
with procmail.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/f-prot       < 4.6.7                        >= 4.6.7

Description
===========

F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an
infinite loop, and other unspecified vulnerabilities.

Impact
======

Among other weaker impacts, a remote attacker could send an e-mail
containing a malicious file that would trigger the buffer overflow
vulnerability and execute arbitrary code with the privileges of the
user running F-Prot, which may be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All F-Prot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/f-prot-4.6.7"

References
==========

  [ 1 ] CVE-2006-6293
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6293
  [ 2 ] CVE-2006-6294
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6294
  [ 3 ] CVE-2006-6352
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6352

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200612-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
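
Added example, not part of the advisory or of any Gentoo tool: a shell check that classifies an installed app-antivirus/f-prot against the "< 4.6.7 vulnerable, >= 4.6.7 unaffected" table above. The function names are hypothetical, and it assumes Portage's installed-package database at /var/db/pkg and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: audit f-prot against the GLSA 200612-12 version threshold.
FIXED="4.6.7"   # first unaffected version, from the advisory's package table

# ver_lt A B: succeeds when version A sorts strictly before version B.
# Uses version sort, so 4.10.0 is correctly treated as newer than 4.6.7.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_fprot_status [VDB_ROOT]
# Prints "not-installed", "vulnerable <ver>" or "unaffected <ver>".
# Returns 1 only when a vulnerable version is installed.
# VDB_ROOT (assumption: defaults to /var/db/pkg) can point at a copy.
glsa_fprot_status() {
    vdb="${1:-/var/db/pkg}"
    seen=""
    for dir in "$vdb"/app-antivirus/f-prot-[0-9]*; do
        [ -d "$dir" ] || continue          # unmatched glob stays literal
        ver="${dir##*/f-prot-}"            # e.g. 4.6.6-r1
        # Drop the Gentoo revision suffix (-rN) before comparing.
        base="$(printf '%s' "$ver" | sed 's/-r[0-9][0-9]*$//')"
        if ver_lt "$base" "$FIXED"; then
            echo "vulnerable $ver"
            return 1
        fi
        seen="$ver"
    done
    if [ -z "$seen" ]; then
        echo "not-installed"
    else
        echo "unaffected $seen"
    fi
    return 0
}
```

Source the file and call `glsa_fprot_status`; the non-zero return on a vulnerable version lets it gate a cron job or configuration-management run.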