Re: [PLUG] ClamAV vuln

Martin Cracauer via plug on 21 Feb 2023 11:36:57 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ClamAV vuln

From: Martin Cracauer via plug <plug@lists.phillylinux.org>
To: Walt Mankowski <waltman@pobox.com>
Subject: Re: [PLUG] ClamAV vuln
Date: Tue, 21 Feb 2023 14:36:49 -0500
Cc: PLUG Mailing List <plug@lists.phillylinux.org>
Reply-to: Martin Cracauer <cracauer@cons.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

Walt Mankowski via plug wrote on Tue, Feb 21, 2023 at 11:49:23AM -0500: 
> HFS+ hasn???t been the default file system on macOS since 10.13 (???High Sierra???) was released in 2017. I think the update actually converted your file system from HFS+ to APFS. So this bug is only going to affect people with very old Apple hardware that they haven???t updated in 6 years.
> 
> It???s not great, of course. But it???s also hard to imagine the bad guys are going to spend a lot of time targeting this particular flaw.

People also have old backup drives, and use those to give big files to
each other.

Martin
 
> Walt
> 
> On Tue, Feb 21, 2023, at 10:21 AM, jeffv via plug wrote:
> > Antivirus apps are there to protect you ??? Cisco's ClamAV has a heckuva
> > flaw
> > 
> > https://www.theregister.com/2023/02/17/cisco_clamav_critical_flaw/
> > 
> > "A vulnerability in the HFS+ partition file parser of ClamAV versions
> > 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could
> > allow an unauthenticated, remote attacker to execute arbitrary code,"
> > states Cisco's security advisory, which identifies the issue as
> > CVE-2023-20032.
> > 
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --        http://www.phillylinux.org
> > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> > 

> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] ClamAV vuln
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>

References:
- [PLUG] ClamAV vuln
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] ClamAV vuln
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] ClamAV vuln
Next by Date: Re: [PLUG] ClamAV vuln
Previous by thread: Re: [PLUG] ClamAV vuln
Next by thread: Re: [PLUG] ClamAV vuln
Index(es):
- Date
- Thread