ClamAV RAR Scanning Path Traversal Vulnerability [CVE-2019-1785]
CVE Number – CVE-2019-178
ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
A vulnerability in the Roshal Archive (RAR) scanning feature of ClamAV could allow an unauthenticated, remote attacker to conduct a directory traversal attack on a targeted system.The vulnerability is due to improper error handling by the affected software. An attacker could exploit this vulnerability by persuading a user to process a crafted RAR file on the targeted system. A successful exploit could allow the attacker to conduct a path traversal attack, which the attacker could use to access sensitive information and conduct further attacks. ClamAV has confirmed the vulnerability and released software updates.
Analysis
- To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a user to process a RAR file that submits malicious input to the targeted system. This requirement could reduce the likelihood of a successful exploit.
Safeguards
- Administrators are advised to apply the appropriate updates.Administrators are advised to allow only trusted users to have network access.Administrators can help protect affected systems from external attacks by using a solid firewall strategy.Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.Administrators are advised to monitor affected systems.
Vendor Announcements
- ClamAV has released a blog post at the following link: CVE-2019-1785
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.