George A. Theall via plug on 21 Feb 2023 14:24:10 -0800


Re: [PLUG] ClamAV vuln


On Tue, Feb 21, 2023 at 03:01:49PM -0500, Walt Mankowski via plug wrote:
  That seems pretty darn rare to me. When’s the last time you shared a
  file with someone where it wasn’t either online or on a flash drive?
  And even so, what’s the attack vector here?

Cisco's advisory says an attacker can exploit it by "submitting a
crafted HFS+ partition file to be scanned by ClamAV".  Given ClamAV runs
on things like mail servers, it seems wormable to me.

George
--
theall@tifaware.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug