ClamAV Vulnerabilities Fixed in Ubuntu 16.04 and Ubuntu 18.04
Two security vulnerabilities were discovered in ClamAV, a widely used antivirus software for Linux systems. These issues could allow attackers to compromise the security of your system and potentially gain unauthorized access to sensitive data. In this article, we explore the details of these vulnerabilities and provide guidance on how to secure your Ubuntu 16.04 and Ubuntu 18.04 systems.
ClamAV Vulnerabilities Overview
CVE-2024-20505
A critical flaw in the PDF parsing module of ClamAV was discovered. This issue exists in ClamAV versions 1.4.0, 1.3.2, and all earlier versions, including 1.2.x, 1.0.6, 0.105.x, 0.104.x, and 0.103.11. The vulnerability allows remote attackers to crash ClamAV by sending a specially crafted PDF file for scanning. The crash results from an out-of-bounds read in the PDF module, which leads to a denial of service (DoS) condition.
CVE-2024-20506
The second vulnerability involves the mishandling of logfile privileges in the ClamD service modules of ClamAV. This issue, affecting the same versions as CVE-2024-20505, enables local attackers to corrupt critical system files by exploiting improper logfile handling. The flaw allows an attacker to replace the ClamD log file with a symbolic link (symlink) pointing to a system-critical file. Upon restart, ClamD appends log messages to the targeted file, potentially corrupting vital system functions. This vulnerability could allow a local attacker to overwrite arbitrary files, potentially leading to privilege escalation.
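As an added illustration (not ClamAV's own code or its actual fix), the following C function shows the defensive pattern that blocks the log-file redirection described for CVE-2024-20506: open the log with O_NOFOLLOW so a symlink at the log path is refused, then confirm with fstat that the opened object is a regular file before appending. The scratch directory under /tmp and the file names are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Append one line to a log file without following a symlink at the log
 * path.  O_NOFOLLOW makes open() fail with ELOOP when the final path
 * component is a symlink; fstat() then rejects anything that is not a
 * plain regular file (e.g. a FIFO or device node placed at that name).
 * Returns 0 on success, -1 on refusal or error with errno set. */
int append_log_line(const char *path, const char *line) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0)
        return -1;                       /* errno == ELOOP: path was a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    ssize_t n = write(fd, line, strlen(line));
    int rc = (n == (ssize_t)strlen(line)) ? 0 : -1;
    close(fd);
    return rc;
}

/* Self-contained demo: builds a scratch directory with a regular file and a
 * symlink to it, then checks that a write through the symlink is refused
 * while the regular file stays writable.  Returns 1 when both hold. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/logdemo.XXXXXX";              /* constructed demo path */
    if (!mkdtemp(dir)) return 0;
    char target[256], lnk[256];
    snprintf(target, sizeof target, "%s/target.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/clamd.log", dir);
    int ok = 1;
    if (append_log_line(target, "direct write\n") != 0) ok = 0;   /* regular file: allowed */
    if (symlink(target, lnk) != 0) ok = 0;
    if (append_log_line(lnk, "via symlink\n") != -1 || errno != ELOOP) ok = 0;
    struct stat st;                      /* target must be untouched by the refused call */
    if (stat(target, &st) != 0 || st.st_size != (off_t)strlen("direct write\n")) ok = 0;
    unlink(lnk); unlink(target); rmdir(dir);
    return ok;
}
```

Whether a pre-existing log file should additionally be required to be owned by the daemon's user is a policy choice left out here; on Linux, fs.protected_symlinks also limits this class of attack in world-writable directories.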
Protecting Your System
To protect your system from these vulnerabilities, it’s essential to apply the latest security updates from your Linux distribution. Many distributions, including Ubuntu, have released updates that address these issues.
For Ubuntu users, Canonical has issued the necessary fixes for Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM. However, it’s important to note that Ubuntu 16.04 and 18.04 have reached their end-of-life, and security support is only available through Ubuntu Pro or alternative solutions.
TuxCare’s Extended Lifecycle Support (ELS) offers an affordable option for those still using Ubuntu 16.04 or Ubuntu 18.04. ELS provides five additional years of automated vulnerability patches, ensuring that your system remains secure even after the official end-of-life. TuxCare’s ELS patches over 140 packages, including critical ones like the Linux kernel, Apache, OpenSSL, and Python.
Extended Lifecycle Support is also available for CentOS 6, CentOS 7, CentOS 8, CentOS Stream 8, Oracle Linux 6, and Oracle Linux 7.
By staying up-to-date with security patches and considering options like TuxCare’s ELS, you can help protect your system from the vulnerabilities that threaten ClamAV.
Source: USN-7011-2