Amazon Linux AMI : clamav (ALAS-2020-1433)

Low Nessus Plugin ID 140612

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.2

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1433 advisory.

- A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. (CVE-2020-3327)

- A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. (CVE-2020-3350)

- A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. (CVE-2020-3481)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update clamav' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2020-1433.html

https://access.redhat.com/security/cve/CVE-2020-3327

https://access.redhat.com/security/cve/CVE-2020-3350

https://access.redhat.com/security/cve/CVE-2020-3481

Plugin Details

Severity: Low

ID: 140612

File Name: ala_ALAS-2020-1433.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2020/09/16

Updated: 2020/09/16

Dependencies: 12634

Risk Information

Risk Factor: Low

VPR Score: 5.2

CVSS Score Source: CVE-2020-3350

CVSS v2.0

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:clamav, p-cpe:/a:amazon:linux:clamav-data, p-cpe:/a:amazon:linux:clamav-db, p-cpe:/a:amazon:linux:clamav-debuginfo, p-cpe:/a:amazon:linux:clamav-devel, p-cpe:/a:amazon:linux:clamav-filesystem, p-cpe:/a:amazon:linux:clamav-lib, p-cpe:/a:amazon:linux:clamav-milter, p-cpe:/a:amazon:linux:clamav-update, p-cpe:/a:amazon:linux:clamd, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/09/14

Vulnerability Publication Date: 2020/05/13

Reference Information

CVE: CVE-2020-3327, CVE-2020-3350, CVE-2020-3481

ALAS: 2020-1433