Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw

Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware.

Cisco's open source ClamAV can fill that role – once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday.

"A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code," states Cisco's security advisory, which identifies the issue as CVE-2023-20032.

"This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," the document elaborates. "An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition."

ClamAV's blog reveals a second flaw in the software: CVE-2023-20052.

Both are patched in version 1.01 of the application, available here.

But fixing ClamAV is not the end of the story. Addressing the faulty file parser also requires updates to other Cisco products, including the Secure Web Appliance hardware. The Secure Endpoint Private Cloud also needs a fix, as does Cisco's Secure Endpoint product (formerly known as Advanced Malware Protection for Endpoints) for Linux, Windows, and macOS.

Thankfully, Cisco is not aware of "any public announcements or malicious use of the vulnerability that is described in this advisory."

But with ClamAV being free and open source, these flaws will likely be a target that miscreants and criminals won't ignore for long.

So while the lack of exploits means this may not be a weekend-killer, swift action – not clamming up about it – looks wise. ®