Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2022_ALAS2022-2022-063.NASL
HistorySep 06, 2022 - 12:00 a.m.

Amazon Linux 2022 : (ALAS2022-2022-063)

2022-09-0600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-063 advisory.

  • A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. (CVE-2022-20698)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-063.
##

include('compat.inc');

if (description)
{
  script_id(164712);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/12");

  script_cve_id("CVE-2022-20698");

  script_name(english:"Amazon Linux 2022 :  (ALAS2022-2022-063)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2022 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-063 advisory.

  - A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS
    version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of
    service condition on an affected device. The vulnerability is due to improper checks that may result in an
    invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an
    affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash,
    resulting in a denial of service condition. (CVE-2022-20698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2022/ALAS-2022-063.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-20698.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update --releasever=2022.0.20220518 clamav' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20698");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-lib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-milter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-milter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-update");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-update-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2022");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
var os_ver = os_ver[1];
if (os_ver != "-2022")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2022", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'clamav-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-data-0.103.6-1.amzn2022', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debuginfo-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debuginfo-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debuginfo-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debugsource-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debugsource-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-debugsource-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-devel-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-devel-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-devel-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-filesystem-0.103.6-1.amzn2022', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-debuginfo-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-debuginfo-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-lib-debuginfo-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-debuginfo-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-debuginfo-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-milter-debuginfo-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-debuginfo-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-debuginfo-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamav-update-debuginfo-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-debuginfo-0.103.6-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-debuginfo-0.103.6-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clamd-debuginfo-0.103.6-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav / clamav-data / clamav-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxclamavp-cpe:/a:amazon:linux:clamav
amazonlinuxclamav-datap-cpe:/a:amazon:linux:clamav-data
amazonlinuxclamav-debuginfop-cpe:/a:amazon:linux:clamav-debuginfo
amazonlinuxclamav-debugsourcep-cpe:/a:amazon:linux:clamav-debugsource
amazonlinuxclamav-develp-cpe:/a:amazon:linux:clamav-devel
amazonlinuxclamav-filesystemp-cpe:/a:amazon:linux:clamav-filesystem
amazonlinuxclamav-libp-cpe:/a:amazon:linux:clamav-lib
amazonlinuxclamav-lib-debuginfop-cpe:/a:amazon:linux:clamav-lib-debuginfo
amazonlinuxclamav-milterp-cpe:/a:amazon:linux:clamav-milter
amazonlinuxclamav-milter-debuginfop-cpe:/a:amazon:linux:clamav-milter-debuginfo
Rows per page:
1-10 of 151

Related

redos 1
freebsd 1
ubuntucve 1
nessus 12
suse 1
altlinux 3
ubuntu 2
osv 3
mageia 1
cbl_mariner 2
cvelist 1
veracode 1
debiancve 1
prion 1
openvas 8
cnvd 1
cve 1
alpinelinux 1
rosalinux 1
gentoo 1
redos
redos
ROS-20220125-03
2022-01-25 00:00:00
freebsd
freebsd
clamav -- invalid pointer read that may cause a crash
2022-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2022-20698
2022-01-13 00:00:00
nessus
nessus
openSUSE 15 Security Update : clamav (openSUSE-SU-2022:0493-1)
2022-02-22 00:00:00
SUSE SLES12 Security Update : clamav (SUSE-SU-2022:0358-1)
2022-02-10 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : ClamAV vulnerability (USN-5233-1)
2022-01-18 00:00:00
suse
suse
Security update for clamav (important)
2022-02-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package clamav version 0.103.5-alt1
2022-02-01 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.103.5-alt1
2022-01-25 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.103.5-alt1
2022-01-21 00:00:00
ubuntu
ubuntu
ClamAV vulnerability
2022-01-18 00:00:00
ClamAV vulnerability
2022-01-19 00:00:00
osv
osv
clamav vulnerability
2022-01-19 12:42:55
CVE-2022-20698
2022-01-14 06:15:09
clamav vulnerability
2022-01-18 12:24:28
mageia
mageia
Updated clamav packages fix security vulnerability
2022-01-18 22:29:46
cbl_mariner
cbl_mariner
CVE-2022-20698 affecting package clamav 0.103.2-1
2022-03-10 23:47:31
CVE-2022-20698 affecting package clamav for versions less than 0.104.2-1
2022-04-09 06:51:55
cvelist
cvelist
CVE-2022-20698 Clam AntiVirus (ClamAV) Denial of Service Vulnerability
2022-01-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-01-15 23:40:11
debiancve
debiancve
CVE-2022-20698
2022-01-14 06:15:00
prion
prion
Input validation
2022-01-14 06:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-5233-1)
2022-01-19 00:00:00
openSUSE: Security Advisory for clamav (openSUSE-SU-2022:0493-1)
2022-02-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:14882-1)
2022-01-28 00:00:00
cnvd
cnvd
Clam AntiVirus Input Validation Error Vulnerability (CNVD-2022-64263)
2022-01-17 00:00:00
cve
cve
CVE-2022-20698
2022-01-14 06:15:00
alpinelinux
alpinelinux
CVE-2022-20698
2022-01-14 06:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2285
2023-10-31 14:07:18
gentoo
gentoo
ClamAV: Multiple Vulnerabilities
2023-10-01 00:00:00
JSON
Related for AL2022_ALAS2022-2022-063.NASL
redos1freebsd1ubuntucve1nessus12suse1altlinux3ubuntu2osv3mageia1cbl_mariner2cvelist1veracode1debiancve1prion1openvas8cnvd1cve1alpinelinux1rosalinux1gentoo1