Walt Mankowski via plug on 21 Feb 2023 12:02:45 -0800



Re: [PLUG] ClamAV vuln


That seems pretty darn rare to me. When’s the last time you shared a file with someone where it wasn’t either online or on a flash drive? And even so, what’s the attack vector here? Anything that old has probably been sitting in a closet collecting dust since long before this was discovered. How’s the bad guy supposed to infect it?

On Tue, Feb 21, 2023, at 2:36 PM, Martin Cracauer via plug wrote:
Walt Mankowski via plug wrote on Tue, Feb 21, 2023 at 11:49:23AM -0500: 
> HFS+ hasn’t been the default file system on macOS since 10.13 (“High Sierra”) was released in 2017. I think the update actually converted your file system from HFS+ to APFS. So this bug is only going to affect people with very old Apple hardware that they haven’t updated in 6 years.

> It’s not great, of course. But it’s also hard to imagine the bad guys are going to spend a lot of time targeting this particular flaw.

People also have old backup drives, and use those to give big files to
each other.

Martin
 
> Walt

> On Tue, Feb 21, 2023, at 10:21 AM, jeffv via plug wrote:
> > Antivirus apps are there to protect you - Cisco's ClamAV has a heckuva
> > flaw
> > 
> > https://www.theregister.com/2023/02/17/cisco_clamav_critical_flaw/
> > 
> > "A vulnerability in the HFS+ partition file parser of ClamAV versions
> > 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could
> > allow an unauthenticated, remote attacker to execute arbitrary code,"
> > states Cisco's security advisory, which identifies the issue as
> > CVE-2023-20032.
> > 
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --        http://www.phillylinux.org
> > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> > 



-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/