Amazon Linux AMI : clamav (ALAS-2018-976)

critical Nessus Plugin ID 108601

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Heap-based buffer overflow in mspack/lzxd.c

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419)

Out-of-bounds access in the PDF parser (CVE-2018-0202)

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the 'DestPos' variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. (CVE-2012-6706)

ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory and may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. (CVE-2018-1000085)

Stack-based buffer over-read in cabd_read_string function

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. (CVE-2017-11423)

Solution

Run 'yum update clamav' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2018-976.html

Plugin Details

Severity: Critical

ID: 108601

File Name: ala_ALAS-2018-976.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/27/2018

Updated: 4/18/2018

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:o:amazon:linux:*:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-data:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-data-empty:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-db:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-filesystem:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-lib:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-milter:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-milter-sysvinit:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-scanner:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-scanner-sysvinit:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-server:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-server-sysvinit:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-update:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamd:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 3/21/2018

Reference Information

CVE: CVE-2017-11423, CVE-2017-6419, CVE-2012-6706, CVE-2018-0202, CVE-2018-1000085

ALAS: 2018-976