[manjaro-security] [ASA-201802-1] clamav: multiple issues

Levente Polyak anthraxx at archlinux.org
Fri Feb 9 15:44:29 CET 2018


Arch Linux Security Advisory ASA-201802-1
=========================================

Severity: Critical
Date    : 2018-02-09
CVE-ID  : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377
          CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418
          CVE-2017-6420
Package : clamav
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-601

Summary
=======

The package clamav before version 0.99.3-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 0.99.3-1.

# pacman -Syu "clamav>=0.99.3-1"

The problems have been fixed upstream in version 0.99.3.

Workaround
==========

None.

Description
===========

- CVE-2017-12374 (denial of service)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device. The
vulnerability is due to a lack of input validation checking mechanisms
during certain mail parsing operations (mbox.c operations on bounce
messages). If successfully exploited, the ClamAV software could allow a
variable pointing to the mail body which could cause a used after being
free (use-after-free) instance which may lead to a disruption of
services on an affected device to include a denial of service
condition.

- CVE-2017-12375 (denial of service)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device. The
vulnerability is due to a lack of input validation checking mechanisms
during certain mail parsing functions (the rfc2047 function in mbox.c).
An unauthenticated, remote attacker could exploit this vulnerability by
sending a crafted email to the affected device. This action could cause
a buffer overflow condition when ClamAV scans the malicious email,
allowing the attacker to potentially cause a DoS condition on an
affected device.

- CVE-2017-12376 (arbitrary code execution)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition or potentially execute
arbitrary code on an affected device. The vulnerability is due to
improper input validation checking mechanisms when handling Portable
Document Format (.pdf) files sent to an affected device. An
unauthenticated, remote attacker could exploit this vulnerability by
sending a crafted .pdf file to an affected device. This action could
cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the
malicious file, allowing the attacker to cause a DoS condition or
potentially execute arbitrary code.

- CVE-2017-12377 (arbitrary code execution)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition or potentially execute
arbitrary code on an affected device. The vulnerability is due to
improper input validation checking mechanisms in mew packet files sent
to an affected device. A successful exploit could cause a heap-based
buffer over-read condition in mew.c when ClamAV scans the malicious
file, allowing the attacker to cause a DoS condition or potentially
execute arbitrary code on the affected device.

- CVE-2017-12378 (denial of service)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device. The
vulnerability is due to improper input validation checking mechanisms
of .tar (Tape Archive) files sent to an affected device. A successful
exploit could cause a checksum buffer over-read condition when ClamAV
scans the malicious .tar file, potentially allowing the attacker to
cause a DoS condition on the affected device.

- CVE-2017-12379 (arbitrary code execution)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition or potentially execute
arbitrary code on an affected device. The vulnerability is due to
improper input validation checking mechanisms in the message parsing
function on an affected system. An unauthenticated, remote attacker
could exploit this vulnerability by sending a crafted email to the
affected device. This action could cause a messageAddArgument (in
message.c) buffer overflow condition when ClamAV scans the malicious
email, allowing the attacker to potentially cause a DoS condition or
execute arbitrary code on an affected device.

- CVE-2017-12380 (denial of service)

ClamAV AntiVirus software versions 0.99.2 and prior contain a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device. The
vulnerability is due to improper input validation checking mechanisms
in mbox.c during certain mail parsing functions of the ClamAV software.
An unauthenticated, remote attacker could exploit this vulnerability by
sending a crafted email to the affected device. An exploit could
trigger a NULL pointer dereference condition when ClamAV scans the
malicious email, which may result in a DoS condition.

- CVE-2017-6418 (denial of service)

libclamav/message.c in ClamAV before 0.99.3 allows remote attackers to
cause a denial of service (out-of-bounds read) via a crafted e-mail
message.

- CVE-2017-6420 (denial of service)

The wwunpack function in libclamav/wwunpack.c in ClamAV before 0.99.3
allows remote attackers to cause a denial of service (use-after-free)
via a crafted PE file with WWPack compression.

Impact
======

A remote attacker is able to execute arbitrary code or crash the
application on the affected host when processing a maliciously crafted
file.

References
==========

https://bugs.archlinux.org/task/57233
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://bugzilla.clamav.net/show_bug.cgi?id=11939
https://github.com/Cisco-Talos/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326
https://bugzilla.clamav.net/show_bug.cgi?id=11940
https://github.com/Cisco-Talos/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209
https://bugzilla.clamav.net/show_bug.cgi?id=11942
https://github.com/Cisco-Talos/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb
https://bugzilla.clamav.net/show_bug.cgi?id=11943
https://github.com/Cisco-Talos/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c
https://bugzilla.clamav.net/show_bug.cgi?id=11946
https://github.com/Cisco-Talos/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
https://bugzilla.clamav.net/show_bug.cgi?id=11944
https://github.com/Cisco-Talos/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b
https://bugzilla.clamav.net/show_bug.cgi?id=11945
https://github.com/Cisco-Talos/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897
https://bugzilla.clamav.net/show_bug.cgi?id=11797
https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md
https://bugzilla.clamav.net/show_bug.cgi?id=11798
https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/use-after-free/clamav-use-after-free-pe.md
https://security.archlinux.org/CVE-2017-12374
https://security.archlinux.org/CVE-2017-12375
https://security.archlinux.org/CVE-2017-12376
https://security.archlinux.org/CVE-2017-12377
https://security.archlinux.org/CVE-2017-12378
https://security.archlinux.org/CVE-2017-12379
https://security.archlinux.org/CVE-2017-12380
https://security.archlinux.org/CVE-2017-6418
https://security.archlinux.org/CVE-2017-6420

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20180209/ef787d48/attachment.sig>


More information about the manjaro-security mailing list