The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access using the ClamAV open source software. A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process using a specially crafted Compressed HTML Help (CHM) file. This file format is commonly used by Windows-based applications for on-line documentation. The Clam daemon clamd can be terminated by a file crafted to crash the module which unpacks .chm files.
In testing with a proof-of-concept exploit tool, F5 has determined that the level of risk associated with this vulnerability is low. Even if an attacker succeeds in having a malicious .chm file uploaded to the FirePass, a clamd crash will only prevent that file from reaching the user's browser. Additional uploads of additional files will be scanned by new clamd daemons.
F5 will fix this issue by upgrading to version 0.88.5 of ClamAV.
For information about this issue, refer to the following websites:
Note: The previous links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
F5 Product Development tracked this issue as CR71088 and it was fixed in FirePass 6.0.1. For information about upgrading, refer to the FirePass release notes.
Additionally, a hotfix has been issued for all currently supported versions of FirePass software. Customers running 5.5.2 or 6.0 versions of FirePass software should download the latest cumulative hotfix. Customers running other versions affected by this issue should contact F5 Technical Support to request the hotfix. Include the CR number and the number of this article in your correspondence.
To view a list of the latest available hotfixes, refer to SOL10322: FirePass hotfix matrix.
For information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.
For instructions about how to obtain a hotfix, refer to SOL167: Downloading software from F5.
For information about installing a hotfix, refer to SOL3430: Installing hotfixes.