000030697 - Vulnerabilities in Clam AV with RSA Authentication Manager SP1 P3 - False Positives

Document created by RSA Customer Support Employee on Jun 14, 2016

Article Content

Article Number: 000030697
Applies To: RSA Authentication Manager 7.1.4
            RSA Authentication Manager Appliance 3.0.4
            RSA Authentication Manager 8.x
OS: rPath Linux
    -or-
    SUSE Linux Enterprise Server (SLES) 11.3 with patches
CVE ID: CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668
Scanning Tool and Version: none
Article Summary: Issues identified in the ClamAV scanner
Alert Impact: Not Exploitable
Technical Details: The flaws exist but are not exploitable

Technical Details Explanation

ID and Description / Response and Analysis
CVE-2015-2170
   The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
   CVSS v2 Base Score: 5.0
   Response: The flaw exists but cannot be exploited.
   The RSA Authentication Manager 8.1 appliance does not use UPX-packed executables.
   AM 7.1.4 and Appliance 3.0.4 do not include ClamAV.

CVE-2015-2221
   ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
   CVSS v2 Base Score: 5.0
   Response: The flaw exists but cannot be exploited.
   The RSA Authentication Manager 8.1 appliance does not use executables protected with the y0da cryptor (whether applied over UPX packing or on its own), nor any y0da cryptor files.
   AM 7.1.4 and Appliance 3.0.4 do not include ClamAV.

CVE-2015-2222
   ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
   CVSS v2 Base Score: 5.0
   Response: The flaw exists but cannot be exploited.
   The RSA Authentication Manager 8.1 appliance does not use Petite-packed executables.
   AM 7.1.4 and Appliance 3.0.4 do not include ClamAV.

CVE-2015-2668
   ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
   CVSS v2 Base Score: 5.0
   Response: The flaw exists but cannot be exploited.
   The RSA Authentication Manager 8.1 appliance does not use xz-compressed archives.
   AM 7.1.4 and Appliance 3.0.4 do not include ClamAV.
    
Notes

The ClamAV anti-virus scanner is frequently used on file servers and “on mail servers as a server-side email virus scanner” to look for malicious software passing through the server before it reaches a Windows client. The RSA Authentication Manager must never be reconfigured to provide additional services such as a file or mail server, which would make it easy to move files onto the AM server. The AM server is a single-purpose, hardened appliance, not a multi-user or general-purpose server.

Files should not be transferred to the AM server except as specified in the documentation or as required by RSA Customer Support, and files must never be copied onto the AM appliance from untrusted sources. Refer to the “RSA Authentication Manager 8.1 Security Configuration Guide” for more information.

All four flaws are in ClamAV's decoders for scanned input, so they can only be reached if a crafted file is delivered to the appliance and then scanned. Note that by default the ClamAV process is not running on the appliance, and ClamAV plays no part in any AM feature.
Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1-800-995-5095. RSA Corporation distributes RSA Security Advisories in order to bring important security information to the attention of users of the affected RSA products. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever, including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
