Antivirus software is supposed to be an important part of an organization’s defense against the endless tide of malware.
Cisco’s open source ClamAV can fill that role – once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday.
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the problem as CVE-2023-20032.
“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” the document elaborates. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.”
ClamAV’s blog reveals a second flaw in the software: CVE-2023-20052.
Both are patched in version 1.01 of the application, available here.
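An added example (not from the article, Cisco or the ClamAV project): a triage check that compares `clamscan --version` banners against the affected-version ceilings quoted in the advisory above. The host names and banner strings are constructed, and applying each ceiling to its own release branch is an assumption about how the advisory's ranges are meant to be read.

```python
import re

# Highest affected release per branch, taken from the advisory text quoted above.
AFFECTED_CEILINGS = {
    (1, 0): (1, 0, 0),
    (0, 105): (0, 105, 1),
    (0, 103): (0, 103, 7),
}

# `clamscan --version` prints e.g. "ClamAV 1.0.0/26812/Thu Feb 16 08:30:05 2023".
_BANNER = re.compile(r"(?:ClamAV\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner or bare version."""
    match = _BANNER.match(banner.strip())
    if not match:
        raise ValueError(f"unrecognised ClamAV banner: {banner!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(banner):
    """True if the version falls inside a range the advisory lists."""
    version = parse_version(banner)
    ceiling = AFFECTED_CEILINGS.get(version[:2])
    if ceiling is not None:
        return version <= ceiling
    # Assumption: a branch the advisory does not name (for example an
    # end-of-life one) falls under "1.0.0 and earlier" if it is older.
    return version < (1, 0, 0)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected(banner) else "not listed"
        except ValueError:
            result[host] = "unknown"  # check this host by hand
    return result


if __name__ == "__main__":
    # Constructed inventory; in practice collect the banners from each scanner.
    sample = {
        "mail-gw-1": "ClamAV 0.103.7/26800/Wed Feb  1 09:20:11 2023",
        "mail-gw-2": "ClamAV 0.105.2/26812/Thu Feb 16 08:30:05 2023",
        "files-1": "ClamAV 1.0.0/26812/Thu Feb 16 08:30:05 2023",
        "legacy-1": "no banner returned",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A "not listed" result only means the version is outside the ranges quoted here; hosts reported as "unknown" need a manual check.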
But fixing ClamAV is not the end of the story. Addressing the faulty file parser also requires updates to other Cisco products, including the Secure Web Appliance hardware. The Secure Endpoint Private Cloud also needs a fix, as does Cisco’s Secure Endpoint product (formerly known as Advanced Malware Protection for Endpoints) for Linux, Windows, and macOS.
Fortunately, Cisco is not aware of “any public announcements or malicious use of the vulnerability that is described in this advisory.”
But with ClamAV being free and open source, these flaws will likely be a target that miscreants and criminals won’t ignore for long.
So while the lack of exploits means this may not be a weekend-killer, swift action – not clamming up about it – seems wise. ®