ClamAV RAR Scanning Path Traversal Vulnerability [CVE-2019-1785]

CVE Number – CVE-2019-1785


ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

A vulnerability in the Roshal Archive (RAR) scanning feature of ClamAV could allow an unauthenticated, remote attacker to conduct a directory traversal attack on a targeted system. The vulnerability is due to improper error handling by the affected software. An attacker could exploit this vulnerability by persuading a user to process a crafted RAR file on the targeted system. A successful exploit could allow the attacker to conduct a path traversal attack, which the attacker could use to access sensitive information and conduct further attacks. ClamAV has confirmed the vulnerability and released software updates.
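For the general class of bug described above (an archive entry name that resolves outside the directory it is unpacked into), the following added example shows a containment check a defender can run over an archive listing before anything is written. It is not ClamAV's code or its fix and does not model the error-handling flaw itself; the function names, the extraction directory and the sample entry names are all constructed for illustration.

```python
import posixpath
import re

# Constructed sample entry names, as an archive listing might report them.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "docs/../notes.txt",
    "../../etc/cron.d/job",
    "..\\..\\Windows\\win.ini",
    "/etc/passwd",
    "C:\\Users\\Public\\x.dll",
    "a/b/../../../escape.txt",
    "../scan-evil/x",
]

_DRIVE = re.compile(r"^[A-Za-z]:")


def resolve_entry(dest_dir, entry_name):
    """Return the normalized path of the entry under dest_dir,
    or None if the entry would land outside dest_dir."""
    # Archives built on Windows may use backslashes as separators.
    name = entry_name.replace("\\", "/")
    if not name or "\x00" in name:
        return None
    # Absolute paths and drive-letter paths ignore the destination entirely.
    if name.startswith("/") or _DRIVE.match(name):
        return None
    base = posixpath.normpath(dest_dir)
    # normpath collapses "a/../b" and leading ".." lexically.
    target = posixpath.normpath(posixpath.join(base, name))
    # Compare with a trailing separator so "/x/scan-evil" is not
    # accepted as being inside "/x/scan".
    if not target.startswith(base.rstrip("/") + "/"):
        return None
    return target


def triage(dest_dir, entry_names):
    """Split entry names into (safe, rejected) lists."""
    safe, rejected = [], []
    for name in entry_names:
        (safe if resolve_entry(dest_dir, name) else rejected).append(name)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = triage("/var/tmp/scan", SAMPLE_ENTRIES)
    print("safe:", ok)
    print("rejected:", bad)
```

The check is purely lexical, so it does not follow symbolic links that already exist inside the extraction directory.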

Analysis

  • To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a user to process a RAR file that submits malicious input to the targeted system. This requirement could reduce the likelihood of a successful exploit.

Safeguards

  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
  • Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to monitor affected systems.

Vendor Announcements

  • ClamAV has released a blog post at the following link: CVE-2019-1785

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
