Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of clamav installed on the remote host is prior to 0.103.6-1.49. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1621 advisory.
- On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20770)
- On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20771)
- On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20785)
- On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
(CVE-2022-20796)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update clamav' to update your system.
Plugin Details
File Name: ala_ALAS-2022-1621.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:2.3:o:amazon:linux:*:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-data:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-db:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-filesystem:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-lib:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-milter:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamav-update:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:clamd:*:*:*:*:*:*:*
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/28/2022
Vulnerability Publication Date: 5/4/2022