Amazon Linux AMI update for clamav

1) Stack-based buffer over-read

EUVDB-ID: #VU11217

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11423

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the cabd_read_string function due to stack-based buffer over-read. A remote attacker can send a specially crafted CAB file, trick the victim into opening it, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-0.99.4-1.29.amzn1.i686
    clamd-0.99.4-1.29.amzn1.i686
    clamav-update-0.99.4-1.29.amzn1.i686
    clamav-db-0.99.4-1.29.amzn1.i686
    clamav-milter-0.99.4-1.29.amzn1.i686
    clamav-debuginfo-0.99.4-1.29.amzn1.i686
    clamav-lib-0.99.4-1.29.amzn1.i686
    clamav-server-0.99.4-1.29.amzn1.i686
    clamav-devel-0.99.4-1.29.amzn1.i686

noarch:
    clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-filesystem-0.99.4-1.29.amzn1.noarch
    clamav-data-empty-0.99.4-1.29.amzn1.noarch
    clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-scanner-0.99.4-1.29.amzn1.noarch
    clamav-data-0.99.4-1.29.amzn1.noarch

src:
    clamav-0.99.4-1.29.amzn1.src

x86_64:
    clamav-devel-0.99.4-1.29.amzn1.x86_64
    clamav-update-0.99.4-1.29.amzn1.x86_64
    clamav-server-0.99.4-1.29.amzn1.x86_64
    clamav-debuginfo-0.99.4-1.29.amzn1.x86_64
    clamav-db-0.99.4-1.29.amzn1.x86_64
    clamd-0.99.4-1.29.amzn1.x86_64
    clamav-0.99.4-1.29.amzn1.x86_64
    clamav-milter-0.99.4-1.29.amzn1.x86_64
    clamav-lib-0.99.4-1.29.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-976.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU11216

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6419

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can send a specially crafted CHM file, trick the victim into opening it and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    clamav-0.99.4-1.29.amzn1.i686
    clamd-0.99.4-1.29.amzn1.i686
    clamav-update-0.99.4-1.29.amzn1.i686
    clamav-db-0.99.4-1.29.amzn1.i686
    clamav-milter-0.99.4-1.29.amzn1.i686
    clamav-debuginfo-0.99.4-1.29.amzn1.i686
    clamav-lib-0.99.4-1.29.amzn1.i686
    clamav-server-0.99.4-1.29.amzn1.i686
    clamav-devel-0.99.4-1.29.amzn1.i686

noarch:
    clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-filesystem-0.99.4-1.29.amzn1.noarch
    clamav-data-empty-0.99.4-1.29.amzn1.noarch
    clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-scanner-0.99.4-1.29.amzn1.noarch
    clamav-data-0.99.4-1.29.amzn1.noarch

src:
    clamav-0.99.4-1.29.amzn1.src

x86_64:
    clamav-devel-0.99.4-1.29.amzn1.x86_64
    clamav-update-0.99.4-1.29.amzn1.x86_64
    clamav-server-0.99.4-1.29.amzn1.x86_64
    clamav-debuginfo-0.99.4-1.29.amzn1.x86_64
    clamav-db-0.99.4-1.29.amzn1.x86_64
    clamd-0.99.4-1.29.amzn1.x86_64
    clamav-0.99.4-1.29.amzn1.x86_64
    clamav-milter-0.99.4-1.29.amzn1.x86_64
    clamav-lib-0.99.4-1.29.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-976.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU11302

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0202

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation checking mechanisms when handling Portable Document Format files. A remote attacker can send a specially .pdf file, trigger out-of-bounds read and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-0.99.4-1.29.amzn1.i686
    clamd-0.99.4-1.29.amzn1.i686
    clamav-update-0.99.4-1.29.amzn1.i686
    clamav-db-0.99.4-1.29.amzn1.i686
    clamav-milter-0.99.4-1.29.amzn1.i686
    clamav-debuginfo-0.99.4-1.29.amzn1.i686
    clamav-lib-0.99.4-1.29.amzn1.i686
    clamav-server-0.99.4-1.29.amzn1.i686
    clamav-devel-0.99.4-1.29.amzn1.i686

noarch:
    clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-filesystem-0.99.4-1.29.amzn1.noarch
    clamav-data-empty-0.99.4-1.29.amzn1.noarch
    clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-scanner-0.99.4-1.29.amzn1.noarch
    clamav-data-0.99.4-1.29.amzn1.noarch

src:
    clamav-0.99.4-1.29.amzn1.src

x86_64:
    clamav-devel-0.99.4-1.29.amzn1.x86_64
    clamav-update-0.99.4-1.29.amzn1.x86_64
    clamav-server-0.99.4-1.29.amzn1.x86_64
    clamav-debuginfo-0.99.4-1.29.amzn1.x86_64
    clamav-db-0.99.4-1.29.amzn1.x86_64
    clamd-0.99.4-1.29.amzn1.x86_64
    clamav-0.99.4-1.29.amzn1.x86_64
    clamav-milter-0.99.4-1.29.amzn1.x86_64
    clamav-lib-0.99.4-1.29.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-976.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU8602

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2012-6706

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing .rar archives in unrar 5.5.4. A remote unauthenticated attacker can create a specially crafted archive, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

i686:
    clamav-0.99.4-1.29.amzn1.i686
    clamd-0.99.4-1.29.amzn1.i686
    clamav-update-0.99.4-1.29.amzn1.i686
    clamav-db-0.99.4-1.29.amzn1.i686
    clamav-milter-0.99.4-1.29.amzn1.i686
    clamav-debuginfo-0.99.4-1.29.amzn1.i686
    clamav-lib-0.99.4-1.29.amzn1.i686
    clamav-server-0.99.4-1.29.amzn1.i686
    clamav-devel-0.99.4-1.29.amzn1.i686

noarch:
    clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-filesystem-0.99.4-1.29.amzn1.noarch
    clamav-data-empty-0.99.4-1.29.amzn1.noarch
    clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-scanner-0.99.4-1.29.amzn1.noarch
    clamav-data-0.99.4-1.29.amzn1.noarch

src:
    clamav-0.99.4-1.29.amzn1.src

x86_64:
    clamav-devel-0.99.4-1.29.amzn1.x86_64
    clamav-update-0.99.4-1.29.amzn1.x86_64
    clamav-server-0.99.4-1.29.amzn1.x86_64
    clamav-debuginfo-0.99.4-1.29.amzn1.x86_64
    clamav-db-0.99.4-1.29.amzn1.x86_64
    clamd-0.99.4-1.29.amzn1.x86_64
    clamav-0.99.4-1.29.amzn1.x86_64
    clamav-milter-0.99.4-1.29.amzn1.x86_64
    clamav-lib-0.99.4-1.29.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-976.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Out-of-bounds read

EUVDB-ID: #VU11136

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000085

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the xar_hash_check() function due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted XAR file, trick the victim into opening it, trigger out-of-bounds heap memory read and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    clamav-0.99.4-1.29.amzn1.i686
    clamd-0.99.4-1.29.amzn1.i686
    clamav-update-0.99.4-1.29.amzn1.i686
    clamav-db-0.99.4-1.29.amzn1.i686
    clamav-milter-0.99.4-1.29.amzn1.i686
    clamav-debuginfo-0.99.4-1.29.amzn1.i686
    clamav-lib-0.99.4-1.29.amzn1.i686
    clamav-server-0.99.4-1.29.amzn1.i686
    clamav-devel-0.99.4-1.29.amzn1.i686

noarch:
    clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-filesystem-0.99.4-1.29.amzn1.noarch
    clamav-data-empty-0.99.4-1.29.amzn1.noarch
    clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch
    clamav-scanner-0.99.4-1.29.amzn1.noarch
    clamav-data-0.99.4-1.29.amzn1.noarch

src:
    clamav-0.99.4-1.29.amzn1.src

x86_64:
    clamav-devel-0.99.4-1.29.amzn1.x86_64
    clamav-update-0.99.4-1.29.amzn1.x86_64
    clamav-server-0.99.4-1.29.amzn1.x86_64
    clamav-debuginfo-0.99.4-1.29.amzn1.x86_64
    clamav-db-0.99.4-1.29.amzn1.x86_64
    clamd-0.99.4-1.29.amzn1.x86_64
    clamav-0.99.4-1.29.amzn1.x86_64
    clamav-milter-0.99.4-1.29.amzn1.x86_64
    clamav-lib-0.99.4-1.29.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-976.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	High
Patch available	YES
Number of vulnerabilities	5
CVE-ID	CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2012-6706 CVE-2018-1000085
CWE-ID	CWE-126 CWE-122 CWE-125 CWE-190
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #4 is available.
Vulnerable software Subscribe	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services