Amazon Linux AMI update for clamav
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 |
| CWE-ID | CWE-125 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU32026
Risk: Medium
CVSSv3.1: 4.8 [AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1787
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
clamav-lib-0.101.2-1.38.amzn1.i686
clamav-update-0.101.2-1.38.amzn1.i686
clamav-debuginfo-0.101.2-1.38.amzn1.i686
clamav-0.101.2-1.38.amzn1.i686
clamd-0.101.2-1.38.amzn1.i686
clamav-db-0.101.2-1.38.amzn1.i686
clamav-devel-0.101.2-1.38.amzn1.i686
clamav-milter-0.101.2-1.38.amzn1.i686
noarch:
clamav-data-0.101.2-1.38.amzn1.noarch
clamav-filesystem-0.101.2-1.38.amzn1.noarch
src:
clamav-0.101.2-1.38.amzn1.src
x86_64:
clamav-lib-0.101.2-1.38.amzn1.x86_64
clamav-devel-0.101.2-1.38.amzn1.x86_64
clamav-db-0.101.2-1.38.amzn1.x86_64
clamav-debuginfo-0.101.2-1.38.amzn1.x86_64
clamd-0.101.2-1.38.amzn1.x86_64
clamav-0.101.2-1.38.amzn1.x86_64
clamav-milter-0.101.2-1.38.amzn1.x86_64
clamav-update-0.101.2-1.38.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1213.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU32027
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1788
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
clamav-lib-0.101.2-1.38.amzn1.i686
clamav-update-0.101.2-1.38.amzn1.i686
clamav-debuginfo-0.101.2-1.38.amzn1.i686
clamav-0.101.2-1.38.amzn1.i686
clamd-0.101.2-1.38.amzn1.i686
clamav-db-0.101.2-1.38.amzn1.i686
clamav-devel-0.101.2-1.38.amzn1.i686
clamav-milter-0.101.2-1.38.amzn1.i686
noarch:
clamav-data-0.101.2-1.38.amzn1.noarch
clamav-filesystem-0.101.2-1.38.amzn1.noarch
src:
clamav-0.101.2-1.38.amzn1.src
x86_64:
clamav-lib-0.101.2-1.38.amzn1.x86_64
clamav-devel-0.101.2-1.38.amzn1.x86_64
clamav-db-0.101.2-1.38.amzn1.x86_64
clamav-debuginfo-0.101.2-1.38.amzn1.x86_64
clamd-0.101.2-1.38.amzn1.x86_64
clamav-0.101.2-1.38.amzn1.x86_64
clamav-milter-0.101.2-1.38.amzn1.x86_64
clamav-update-0.101.2-1.38.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1213.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU30707
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1789
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
clamav-lib-0.101.2-1.38.amzn1.i686
clamav-update-0.101.2-1.38.amzn1.i686
clamav-debuginfo-0.101.2-1.38.amzn1.i686
clamav-0.101.2-1.38.amzn1.i686
clamd-0.101.2-1.38.amzn1.i686
clamav-db-0.101.2-1.38.amzn1.i686
clamav-devel-0.101.2-1.38.amzn1.i686
clamav-milter-0.101.2-1.38.amzn1.i686
noarch:
clamav-data-0.101.2-1.38.amzn1.noarch
clamav-filesystem-0.101.2-1.38.amzn1.noarch
src:
clamav-0.101.2-1.38.amzn1.src
x86_64:
clamav-lib-0.101.2-1.38.amzn1.x86_64
clamav-devel-0.101.2-1.38.amzn1.x86_64
clamav-db-0.101.2-1.38.amzn1.x86_64
clamav-debuginfo-0.101.2-1.38.amzn1.x86_64
clamd-0.101.2-1.38.amzn1.x86_64
clamav-0.101.2-1.38.amzn1.x86_64
clamav-milter-0.101.2-1.38.amzn1.x86_64
clamav-update-0.101.2-1.38.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1213.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
