
ClamAV (Clam AntiVirus)

Product
Developers: Cisco Systems, Sourcefire
Last Release Date: 2023/02/17
Technology: Information Security - Antiviruses


Main article: Antiviruses

ClamAV is an open-source, cross-platform antivirus engine that is most commonly deployed to scan mail on mail servers and gateways.

2023: CVE-2023-20032 and CVE-2023-20052 vulnerabilities identified

On February 17, 2023, it became known that two serious vulnerabilities had been identified in Cisco's free ClamAV antivirus. They allow an attacker to read any file the ClamAV process has access to, or to execute arbitrary code on the scanning host. Physical access to the machine is not required: both flaws are triggered remotely by getting the antivirus to scan a crafted file. Both were discovered by Simon Scannell, a security researcher at Google.

Cisco closed both vulnerabilities in ClamAV 1.0.1, 0.105.2 and 0.103.8; earlier releases in each of those lines are affected. Updated builds can be downloaded from the project's official website. Running `clamscan --version` shows which build is installed.


The first vulnerability is tracked as CVE-2023-20032 and carries a CVSS score of 9.8 out of 10. According to the advisory published on the Cisco portal, the flaw is in the HFS+ partition file parser.

HFS+ files are disk images in the HFS+ (Hierarchical File System Plus) file system format developed by Apple and used in macOS.

To check such an image for malware, the antivirus first has to "unpack" it, just as it does with archives such as ZIP or RAR.

ClamAV's HFS+ image parser, the module responsible for that unpacking, contains a flaw that allows an attacker to execute arbitrary code.

The root cause is a missing size check on a heap buffer: a size taken from the file is trusted, so a crafted value lets the attacker write past the end of the buffer. The result is either code execution with the privileges of the ClamAV process or an abnormal termination of that process, i.e. a denial of service (DoS) condition.

As Cisco explains, the attacker only needs to deliver a specially crafted HFS+ file to the target system; the attack is triggered when the antivirus scans that file. On a mail gateway that scans attachments automatically, sending the file as an attachment is enough.
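The bug class described above, reduced to a toy parser. This is an added example and not ClamAV's code: the image layout (a "TOYP" magic followed by a big-endian size field), the names parse_block_unchecked, parse_block_checked, scan_image and unchecked_benign, and the sample images are all invented for illustration and do not reproduce the real HFS+ format or the actual CVE-2023-20032 trigger. What it shows is the shape of the mistake (a copy length read straight from the file) next to the two checks that close it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy partition-image format, invented for this illustration. It is NOT the
 * real HFS+ layout and this is NOT ClamAV code; it only reproduces the bug
 * class: a size field read from the file decides how much is copied into a
 * fixed-size heap buffer.
 *   bytes 0..3   magic "TOYP"
 *   bytes 4..7   block_size, big-endian u32, length of the payload that follows
 *   bytes 8..    payload, block_size bytes
 */
#define TOY_MAGIC   "TOYP"
#define TOY_HDR_LEN 8
#define MAX_BLOCK   512          /* capacity of the heap buffer the parser fills */

enum toy_status {
    TOY_OK = 0,
    TOY_ERR_SHORT_HEADER = 1,    /* fewer than TOY_HDR_LEN bytes */
    TOY_ERR_BAD_MAGIC = 2,
    TOY_ERR_BLOCK_TOO_BIG = 3,   /* declared size exceeds the heap buffer */
    TOY_ERR_TRUNCATED = 4        /* declared size exceeds the bytes present */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* "Before": the size field is trusted. memcpy writes block_size bytes into a
 * MAX_BLOCK-byte heap allocation, so a file declaring block_size > MAX_BLOCK
 * writes past the end of the heap buffer. Call this only on benign input. */
size_t parse_block_unchecked(const uint8_t *img, size_t img_len) {
    if (img_len < TOY_HDR_LEN || memcmp(img, TOY_MAGIC, 4) != 0) return 0;
    uint32_t block_size = be32(img + 4);
    uint8_t *buf = malloc(MAX_BLOCK);
    if (!buf) return 0;
    memcpy(buf, img + TOY_HDR_LEN, block_size);   /* unchecked: heap overflow */
    free(buf);
    return block_size;
}

/* "After": every quantity taken from the file is validated before it is used
 * as a copy length. out/out_cap is the destination buffer the caller owns. */
enum toy_status parse_block_checked(const uint8_t *img, size_t img_len,
                                    uint8_t *out, size_t out_cap, size_t *out_len) {
    *out_len = 0;
    if (img_len < TOY_HDR_LEN) return TOY_ERR_SHORT_HEADER;
    if (memcmp(img, TOY_MAGIC, 4) != 0) return TOY_ERR_BAD_MAGIC;
    uint32_t block_size = be32(img + 4);
    /* Check 1: the declared size must fit the destination buffer. */
    if (block_size > out_cap) return TOY_ERR_BLOCK_TOO_BIG;
    /* Check 2: the declared size must be backed by bytes actually present.
     * Compare against the remaining length instead of computing
     * TOY_HDR_LEN + block_size, which could wrap around. */
    if (block_size > img_len - TOY_HDR_LEN) return TOY_ERR_TRUNCATED;
    memcpy(out, img + TOY_HDR_LEN, block_size);
    *out_len = block_size;
    return TOY_OK;
}

/* Builds constructed sample images (not real HFS+ data) with an arbitrary
 * declared size, so the declared size and the real payload can disagree. */
static size_t build_image(uint8_t *dst, size_t dst_cap, uint32_t declared,
                          const uint8_t *payload, size_t payload_len) {
    if (dst_cap < TOY_HDR_LEN + payload_len) return 0;
    memcpy(dst, TOY_MAGIC, 4);
    dst[4] = (uint8_t)(declared >> 24); dst[5] = (uint8_t)(declared >> 16);
    dst[6] = (uint8_t)(declared >> 8);  dst[7] = (uint8_t)(declared);
    memcpy(dst + TOY_HDR_LEN, payload, payload_len);
    return TOY_HDR_LEN + payload_len;
}

/* Runs the hardened parser over one constructed image and returns its status. */
int scan_image(uint32_t declared, const char *payload) {
    uint8_t img[64], out[MAX_BLOCK];
    size_t n = 0;
    size_t len = build_image(img, sizeof img, declared,
                             (const uint8_t *)payload, strlen(payload));
    return (int)parse_block_checked(img, len, out, sizeof out, &n);
}

/* Benign input through the unchecked parser, kept only for comparison. */
size_t unchecked_benign(void) {
    uint8_t img[64];
    size_t len = build_image(img, sizeof img, 4, (const uint8_t *)"abcd", 4);
    return parse_block_unchecked(img, len);
}

int main(void) {
    printf("benign    -> %d\n", scan_image(4, "abcd"));           /* TOY_OK */
    printf("oversized -> %d\n", scan_image(0x7fffffffu, "abcd")); /* TOY_ERR_BLOCK_TOO_BIG */
    printf("truncated -> %d\n", scan_image(100, "abcd"));         /* TOY_ERR_TRUNCATED */
    return 0;
}
```

The two checks are independent: the first bounds the write against the buffer the parser owns, the second bounds the read against the bytes the file really contains. A parser that only does the first still reads past the end of the input on a truncated file, and one that only does the second still overflows the heap when a large file declares a large block. Scanners process untrusted input by design, so every length and offset pulled from a container format needs both. The unchecked variant is never given hostile input here; under a sanitizer build or a fuzzer, that is exactly the call that would be reported.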

The ClamAV blog also mentions a second flaw, CVE-2023-20052 (CVSS score 5.3). Like CVE-2023-20032 it sits in a file parser, this time the parser for DMG disk images, another format used mainly on macOS. It is an XML external entity (XXE) injection: a crafted DMG can make the parser read the contents of any file the ClamAV process has access to and leak them. The attack again starts by "feeding" the antivirus a specially crafted DMG file.[1]

2007: Acquisition of the project

In 2007, the project was acquired from its key developers by Sourcefire, which in turn came under the control of Cisco in 2013.

Notes