Mar 19, 2013 - 12:00 a.m.

K7983 : ClamAV NULL dereference vulnerability - CVE-2007-4510

my.f5.com
AI Score: 6.3 (Confidence: Low)

EPSS: 0.145 (Percentile: 95.8%)

Security Advisory Description

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | None | 9.x, 10.x, 11.x |
| BIG-IP GTM | None | 9.x, 10.x, 11.x |
| BIG-IP ASM | None | 9.x, 10.x, 11.x |
| BIG-IP Link Controller | None | 9.x, 10.x, 11.x |
| BIG-IP WebAccelerator | None | 9.x, 10.x, 11.x |
| BIG-IP PSM | None | 9.x, 10.x, 11.x |
| BIG-IP WAN Optimization | None | 10.x, 11.x |
| BIG-IP APM | None | 10.x, 11.x |
| BIG-IP Edge Gateway | None | 10.x, 11.x |
| BIG-IP Analytics | None | 11.x |
| BIG-IP AFM | None | 11.x |
| BIG-IP PEM | None | 11.x |
| FirePass | 5.0.0 - 5.5.2, 6.0.0 - 6.0.1 | 6.0.2 - 6.0.3, 6.1.x, 7.x |
| Enterprise Manager | None | 1.x, 2.x, 3.x |

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access > Content Inspection page, through the Enable Standalone virus Scanner option button.

A vulnerability in ClamAV versions prior to version 0.91.2 could allow a remote attacker to crash the scanner process using either a specially crafted file in Rich Text Format (RTF) or a specially crafted HTML file containing a data: URI.

Crashing the scanner process (the clamd daemon) could create a denial-of-service condition that could prevent the FirePass controller from scanning other files, or prevent subsequent file transfers through Portal Access.

F5 will address this issue by providing a hotfix which updates your FirePass controller to version 0.91.2 of ClamAV.

Information about this issue is available at the following location:

<https://vulners.com/cve/CVE-2007-4510>

F5 Product Development tracked this issue as CR86313 for FirePass, and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes.

Additionally, hotfix HF-86313-1 (ClamAV version 0.91.2 hotfix) has been issued for all currently supported versions of FirePass software. You may download this hotfix or a later version of the ClamAV hotfix from the F5 Downloads site.

For instructions about how to obtain a hotfix, refer to K167: Downloading software from F5.