OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: R@sM!ke on January 25, 2022, 05:03:17 AM

Title: clamav -- invalid pointer read that may cause a crash
Post by: R@sM!ke on January 25, 2022, 05:03:17 AM
Just did a security scan on my install and got the following, are there any concerns at the moment or anything in the works to resolve?

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.7 (amd64/OpenSSL) at Mon Jan 24 21:53:55 CST 2022
vulnxml file up-to-date
clamav-0.104.1,1 is vulnerable:
  clamav -- invalid pointer read that may cause a crash
  CVE: CVE-2022-20698
  WWW: https://vuxml.FreeBSD.org/freebsd/2a6106c6-73e5-11ec-8fa2-0800270512f4.html

1 problem(s) in 1 installed package(s) found.
***DONE***
Title: Re: clamav -- invalid pointer read that may cause a crash
Post by: franco on January 25, 2022, 07:26:37 AM
Choose your fighter:

Wait for 21.7.8 or dig into that report yourself.

;)


Cheers,
Franco
Title: Re: clamav -- invalid pointer read that may cause a crash
Post by: seed on January 25, 2022, 01:08:46 PM
Quote from: R@sM!ke on January 25, 2022, 05:03:17 AM
Just did a security scan on my install and got the following, are there any concerns at the moment or anything in the works to resolve?

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.7 (amd64/OpenSSL) at Mon Jan 24 21:53:55 CST 2022
vulnxml file up-to-date
clamav-0.104.1,1 is vulnerable:
  clamav -- invalid pointer read that may cause a crash
  CVE: CVE-2022-20698
  WWW: https://vuxml.FreeBSD.org/freebsd/2a6106c6-73e5-11ec-8fa2-0800270512f4.html

1 problem(s) in 1 installed package(s) found.
***DONE***




Reading the CVE: "An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition."

Which means that the clamav service might crash. Since it's not an RCE, I wouldn't panic. One can still disable the clamav scanning to mitigate this issue.

Regarding an update, you might take a look at this:

https://forum.opnsense.org/index.php?topic=26437.msg128000#new

Chances are that there is a whole bunch of things coming which are being updated.
Since the developers can see the issue themselves, it's quite possible that they already know about the clam vuln.

In the last years they pushed patches very quickly, much quicker than certain security vendors. So I see no reason to panic.