ID CVE-2018-1000085
Summary ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. This vulnerability appears to have been fixed in commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.
References
Vulnerable Configurations
  • ClamAV 0.99.3
    cpe:2.3:a:clamav:clamav:0.99.3
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 4.3
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3592-1.NASL
    description It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-04-11
    modified 2018-04-11
    plugin id 107256
    published 2018-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107256
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : clamav vulnerabilities (USN-3592-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1307.NASL
    description Some vulnerabilities have been found in ClamAV, an open source antivirus engine : CVE-2018-0202 It was found that ClamAV didn't process certain PDF files correctly, relating to a heap overflow. Specially crafted PDFs could cause ClamAV to crash, resulting in a denial of service or potentially execution of arbitrary code. CVE-2018-1000085 Hanno Böck discovered that ClamAV didn't process XAR files correctly. Malformed XAR files could cause ClamAV to crash by an out of bounds heap read. This could result in a denial of service. For Debian 7 'Wheezy', these problems have been fixed in version 0.99.4+dfsg-1+deb7u1. We recommend that you upgrade your clamav packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-04-12
    modified 2018-04-11
    plugin id 108415
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108415
    title Debian DLA-1307-1 : clamav security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D2B08AA37F.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-03-15
    modified 2018-03-14
    plugin id 108311
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108311
    title Fedora 26 : clamav (2018-d2b08aa37f)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-314.NASL
    description This update for clamav fixes the following issues : Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2018-03-30
    modified 2018-03-27
    plugin id 108637
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108637
    title openSUSE Security Update : clamav (openSUSE-2018-314)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-976.NASL
    description Heap-based buffer overflow in mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419) Out-of-bounds access in the PDF parser (CVE-2018-0202) A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the 'DestPos' variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. (CVE-2012-6706) ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. (CVE-2018-1000085) Stack-based buffer over-read in cabd_read_string function: the cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. (CVE-2017-11423)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 108601
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108601
    title Amazon Linux AMI : clamav (ALAS-2018-976)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0863-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 108829
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108829
    title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0863-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-16 (ClamAV: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2018-06-08
    modified 2018-06-07
    plugin id 109230
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109230
    title GLSA-201804-16 : ClamAV: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-602B5345FA.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-03-08
    modified 2018-03-07
    plugin id 107169
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107169
    title Fedora 27 : clamav (2018-602b5345fa)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0809-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 108652
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108652
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2323-1.NASL
    description This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made : - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-17
    modified 2018-08-15
    plugin id 111744
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111744
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:2323-1)
refmap via4
misc https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
mlist
  • [debian-lts-announce] 20180316 [SECURITY] [DLA 1307-1] clamav security update
  • [oss-security] 20170929 clamav: Out of bounds read and segfault in xar parser
ubuntu
  • USN-3592-1
  • USN-3592-2
Last major update 13-03-2018 - 11:29
Published 13-03-2018 - 11:29
Last modified 10-04-2018 - 14:51