Debian dla-3983 : clamav - security update

medium Nessus Plugin ID 212107

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3983 advisory.

- ------------------------------------------------------------------------- Debian LTS Advisory DLA-3983-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro December 04, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : clamav Version : 1.0.7+dfsg-1~deb11u1 CVE ID : CVE-2024-20505 CVE-2024-20506 Debian Bug : #1080962

Two vulnerabilities were found in ClamAV, an antivirus toolkit for Unix.

CVE-2024-20505

Affected versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

CVE-2024-20506

Affected versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

ClamAV was updated to version 1.0.7+dfsg-1~deb10u1. Due to the library soname bump, the reverse dependencies of libclamav9 were rebuilt against libclamav11.
The following source packages were updated:

- - c-icap-modules/1:0.5.4-2+deb11u1
- - cyrus-imapd/3.2.6-2+deb11u3
- - havp/0.93-2+deb11u1
- - pg-snakeoil/1.3-2+deb11u1
- - libclamunrar/1.0.3-1~deb11u1

For Debian 11 bullseye, these problems have been fixed in version 1.0.7+dfsg-1~deb11u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/clamav

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the clamav packages.

See Also

https://security-tracker.debian.org/tracker/source-package/clamav

https://security-tracker.debian.org/tracker/CVE-2024-20506

https://security-tracker.debian.org/tracker/CVE-2024-20505

https://packages.debian.org/source/bullseye/clamav

Plugin Details

Severity: Medium

ID: 212107

File Name: debian_DLA-3983.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/6/2024

Updated: 12/6/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:C

CVSS Score Source: CVE-2024-20506

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:clamav-base, p-cpe:/a:debian:debian_linux:clamav, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libclamav-dev, p-cpe:/a:debian:debian_linux:clamav-milter, p-cpe:/a:debian:debian_linux:clamav-docs, p-cpe:/a:debian:debian_linux:clamav-freshclam, p-cpe:/a:debian:debian_linux:clamav-daemon, p-cpe:/a:debian:debian_linux:libclamav11, p-cpe:/a:debian:debian_linux:clamav-testfiles, p-cpe:/a:debian:debian_linux:clamdscan

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/4/2024

Vulnerability Publication Date: 9/4/2024

Reference Information

CVE: CVE-2024-20505, CVE-2024-20506

IAVB: 2024-B-0134