This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

How to address ClamAV Vulnerability | (CVE-2023-20032 & CVE-2023-20052)

Article Number

000068107

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.7 P2

Issue

This article addresses the latest vulnerability found with ClamAV (HotFix Instructions for CVE-2023-20032 and CVE-2023-20052), The Antivirus Software that is pre-installed with the RSA Authentication Manager.
RSA Customer Advisory: ClamAV Vulnerability | (CVE-2023-20032)

Overview
The CVE-2023-20032 and CVE-2023-20052 are vulnerabilities that impact a third-party virus-scanning application pre-installed with RSA Authentication Manager. If you are not using “ClamAV” on your system, this vulnerability poses no additional risk. If necessary for compliance reasons, the ClamAV package can be safely removed. If you are using ClamAV, RSA highly recommends that you follow these instructions to manually update the “ClamAV” component as soon as possible.

 

Resolution

To remove ClamAV, perform the following steps on all Primary and Replica Servers:

1. Login to the Operations Console.
2. Verify that SSH is enabled. Enable SSH if it is not enabled.

Enable Secure Shell on the Appliance
https://community.rsa.com/t5/securid-authentication-manager/enable-secure-shell-on-the-appliance/ta-p/630093

Check if ClamAV has been run on the appliance:

1. Login to the primary Authentication Manager server as "rsaadmin" and enter the Operating System password.
2. Run the following command:
  • sudo su 
  • cd /var/lib/clamav  
  • ls -l 
3. If the directory is empty, you have not run a ClamAV scan on the appliance.

Image descriptionImage description
4. If enabled so ClamAV should be updated, if not so you can remove it easily.

RSA recommends that systems are backed-up or virtual backup images captured prior to applying any hotfix.

Removing ClamAV:

1. Login to the primary Authentication Manager server as rsaadmin and enter the Operating System password.
2. Run the following commands:
  •  sudo su -
  •  rpm -qa | grep clamav
  •  zypper remove clamav
  •  zypper se clamav
     
Image descriptionImage description
3. Repeat the above steps on all replica instances in the environment.

Updating ClamAV:

1. Download the attached clamav-0.103.8-3.24.1.rpm package placing the files in a temporary directory.
2. Copy the above RPM and Signature files to your RSA appliance using “Remote Copy” (rcp) or a tool such as “WinSCP”. 
3. log in to the primary Authentication Manager server as rsaadmin and enter the Operating System password.
4. Check ClamAV version
  • sudo su 
  • zypper info clamav

Image descriptionImage description
5. Navigate to the directory where CLamAV RPM file is copied.
6. Run the following commands:
  • sudo su 
  • cd  /var/tmp
  • ls -l
  • zypper install clamav-0.103.8-3.24.1.rpm

Image descriptionImage description
7. Verify the version:
  • zypper info clamav
 
Image descriptionImage description
8. Repeat the above steps on all replica instances in the environment.

Notes

These actions should have no impact on server operation but involve privileged access that is not without risk. RSA recommends that systems are backed-up or virtual backup images captured prior to applying any hotfix.
Attachments
clamav-0.103.8-3.24.1.x86_64.rpm
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2023-03-06 11:48 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.