Re: [PLUG] ClamAV vuln

Walt Mankowski via plug on 21 Feb 2023 08:49:54 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ClamAV vuln

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: "PLUG Mailing List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] ClamAV vuln
Date: Tue, 21 Feb 2023 11:49:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=sasl; bh=Khpc+qt6c9XNzsnZ/j7ZXjhnN9WRtn M/6eTy9ZgiOKY=; b=CEPUlhMe9zKl9AYVKS6Po+IM9pKY1avFr7+V2vvK9dtCyH Fjjd+PJXEXCyBD3D/zpTmEalFPsIu2o7WsKqL6Ye1fZrLne1JokpnZk0qYkSCDRl 3OV+onx+HP6CT0EnWdhK2TjWDkHMjFsNR4KsHN13ts5vooVIxIGTvQISrH168=
Feedback-id: i7af9444b:Fastmail
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Cyrus-JMAP/3.9.0-alpha0-172-g9a2dae1853-fm-20230213.001-g9a2dae18

HFS+ hasn’t been the default file system on macOS since 10.13 (“High Sierra”) was released in 2017. I think the update actually converted your file system from HFS+ to APFS. So this bug is only going to affect people with very old Apple hardware that they haven’t updated in 6 years.

It’s not great, of course. But it’s also hard to imagine the bad guys are going to spend a lot of time targeting this particular flaw.

Walt

On Tue, Feb 21, 2023, at 10:21 AM, jeffv via plug wrote:

Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva
flaw

https://www.theregister.com/2023/02/17/cisco_clamav_critical_flaw/

"A vulnerability in the HFS+ partition file parser of ClamAV versions
1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could
allow an unauthenticated, remote attacker to execute arbitrary code,"
states Cisco's security advisory, which identifies the issue as
CVE-2023-20032.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] ClamAV vuln
  - From: Ron Guilmet via plug <plug@lists.phillylinux.org>
- Re: [PLUG] ClamAV vuln
  - From: Martin Cracauer via plug <plug@lists.phillylinux.org>

References:
- [PLUG] ClamAV vuln
  - From: jeffv via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] ClamAV vuln
Next by Date: Re: [PLUG] ClamAV vuln
Previous by thread: [PLUG] ClamAV vuln
Next by thread: Re: [PLUG] ClamAV vuln
Index(es):
- Date
- Thread