Sep 27, 2007 - 12:00 a.m.

SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510

2007-09-27 00:00:00
support.f5.com

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.088 Low (Percentile: 93.9%)

The FirePass controller can be configured to scan files uploaded through Portal Access for viruses, using the open source ClamAV software. Scanning is configured on the Antivirus tab of the Portal Access > Content Inspection page, using the Enable Standalone virus Scanner option button.

A vulnerability in ClamAV versions prior to 0.91.2 could allow a remote attacker to crash the scanner process using either a specially crafted file in Rich Text Format (RTF) or a specially crafted HTML file containing a data: URI.

Crashing the scanner process (the clamd daemon) could create a denial-of-service condition that could prevent the FirePass controller from scanning other files, or prevent subsequent file transfers through Portal Access.

F5 will address this issue by providing a hotfix which updates your FirePass controller to version 0.91.2 of ClamAV.

Information about this issue is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510>

F5 Product Development tracked this issue as CR86313 for FirePass, and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes.

Additionally, hotfix HF-86313-1 (ClamAV version 0.91.2 hotfix) has been issued for all currently supported versions of FirePass software. You may download this hotfix or a later version of the ClamAV hotfix from the F5 Downloads site.

For instructions about how to obtain a hotfix, refer to SOL167: Downloading software from F5.

CPE

Name      Operator  Version
firepass  le        6.0.1
