ClamAV CVE-2019-15961 Denial of Service Vulnerability

2019-11-2000:00:00

Symantec Security Response

www.symantec.com

JSON

Description

ClamAV is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to ClamAV 0.102.1 and 0.101.5 are vulnerable.

Technologies Affected

Cisco ClamAV 0.100
Cisco ClamAV 0.101
Cisco ClamAV 0.101.4
Cisco ClamAV 0.102.0
Cisco ClamAV 0.97.8
Cisco ClamAV 0.98.0
Cisco ClamAV 0.98.4
Cisco ClamAV 0.98.5
Cisco ClamAV 0.98.6
Cisco ClamAV 0.98.7
Cisco ClamAV 0.99
Cisco ClamAV 0.99.2

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.

Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.

When possible, limit the privileges granted to users to the least amount required.
Ensure that all users are granted the least amount of privileges required to successfully operate.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
cisco clamaveq0.98.5
cisco clamaveq0.98.0
cisco clamaveq0.97.8
cisco clamaveq0.100
cisco clamaveq0.101.4
cisco clamaveq0.101
cisco clamaveq0.98.4
cisco clamaveq0.102.0
cisco clamaveq0.98.7
cisco clamaveq0.98.6

Name	Operator	Version
cisco clamav	eq	0.98.5
cisco clamav	eq	0.98.0
cisco clamav	eq	0.97.8
cisco clamav	eq	0.100
cisco clamav	eq	0.101.4
cisco clamav	eq	0.101
cisco clamav	eq	0.98.4
cisco clamav	eq	0.102.0
cisco clamav	eq	0.98.7
cisco clamav	eq	0.98.6