Amazon Linux AMI update for clamav



Published: 2018-02-20
Risk High
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2017-6418
CVE-2017-6419
CVE-2017-12380
CVE-2017-12379
CVE-2017-12378
CVE-2017-12377
CVE-2017-12376
CVE-2017-12375
CVE-2017-12374
CVE-2017-6420
CWE-ID CWE-125
CWE-122
CWE-476
CWE-120
CWE-126
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU12171

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6418

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a rmeote attacker to cause DoS condition on the target system.

The weakness exists in libclamav/message.c due to out-of-bounds read. A remote attacker can trick the victim into opening a specially crafted e-mail message, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU11216

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6419

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can send a specially crafted CHM file, trick the victim into opening it and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Null pointer dereference

EUVDB-ID: #VU10318

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12380

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to input validation checking mechanisms during parsing the rfc2047 function in mbox.c during certain mail parsing functions. A remote attacker can send a specially crafted email, trigger a NULL pointer dereference condition and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU10317

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12379

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to input validation checking mechanisms in the message parsing function. A remote attacker can send a specially crafted email, trigger a messageAddArgument (in message.c) buffer overflow condition and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer over-read

EUVDB-ID: #VU10316

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12378

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to input validation checking mechanisms of .tar (Tape Archive) files. A remote attacker can send a specially crafted input, trigger checksum buffer over-read condition and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer over-read

EUVDB-ID: #VU10315

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12377

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to input validation checking mechanisms in mew packet files. A remote attacker can send a specially crafted .pdf file, trigger a heap-based buffer over-read condition in mew.c and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU10314

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12376

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to input validation checking mechanisms when handling Portable Document Format (.pdf) files. A remote attacker can send a specially crafted .pdf file, trigger handle_pdfname (in pdf.c) buffer overflow and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU10313

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12375

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to input validation checking mechanisms during parsing the rfc2047 function in mbox. A remote attacker can send a specially crafted input, trigger buffer overflow and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU10312

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12374

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to input validation checking mechanisms during parsing mbox.c operations on bounce messages. A remote attacker can send a specially crafted input, trigger use-after-free error and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU12172

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6420

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a rmeote attacker to cause DoS condition on the target system.

The weakness exists in libclamav/wwunpack.c due to use-after-free error. A remote attacker can trick the victim into opening a specially crafted PE file with WWPack compression, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-db-0.99.3-1.28.amzn1.i686
    clamav-milter-0.99.3-1.28.amzn1.i686
    clamav-lib-0.99.3-1.28.amzn1.i686
    clamav-debuginfo-0.99.3-1.28.amzn1.i686
    clamd-0.99.3-1.28.amzn1.i686
    clamav-devel-0.99.3-1.28.amzn1.i686
    clamav-update-0.99.3-1.28.amzn1.i686
    clamav-server-0.99.3-1.28.amzn1.i686
    clamav-0.99.3-1.28.amzn1.i686

noarch:
    clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-data-0.99.3-1.28.amzn1.noarch
    clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch
    clamav-scanner-0.99.3-1.28.amzn1.noarch
    clamav-data-empty-0.99.3-1.28.amzn1.noarch
    clamav-filesystem-0.99.3-1.28.amzn1.noarch
    clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch

src:
    clamav-0.99.3-1.28.amzn1.src

x86_64:
    clamav-milter-0.99.3-1.28.amzn1.x86_64
    clamav-lib-0.99.3-1.28.amzn1.x86_64
    clamav-devel-0.99.3-1.28.amzn1.x86_64
    clamav-server-0.99.3-1.28.amzn1.x86_64
    clamav-debuginfo-0.99.3-1.28.amzn1.x86_64
    clamav-db-0.99.3-1.28.amzn1.x86_64
    clamd-0.99.3-1.28.amzn1.x86_64
    clamav-0.99.3-1.28.amzn1.x86_64
    clamav-update-0.99.3-1.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-958.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###