OpenSUSE Linux update for clamav



Published: 2018-10-29
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-15378
CWE-ID CWE-20
CWE-121
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe 		Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU14161

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14680

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the chmd_read_headers() function, as defined in the mspack/chmd.c source code file of the affected software, does not reject blank CHM filenames. A local attacker can submit a CHM file with a blank filename and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00075.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Stack-based buffer overflow

EUVDB-ID: #VU14159

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14681

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to stack-based buffer overflow in the kwajd_read_headers function, as defined in the mspack/kwajd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00075.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Stack-based buffer overflow

EUVDB-ID: #VU14160

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14682

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to stack-based buffer overflow in the tolower macro, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00075.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Buffer over-read

EUVDB-ID: #VU15374

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15378

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition related to MEW unpacker within the unmew11() function in libclamav/mew.c. A remote attacker can create a specially crafted EXE file, pass it to vulnerable application and trigger invalid memory read.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00075.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###