html exploit: sbopkg chromium-31.0.1650.57

////// · 11-27-2014, 03:12 AM

clamav found Html.Exploit.CVE_2014_6342 from sbopkg chromium-31.0.1650.57
i uploaded it (browser_resources.pak) to virustotal and there were just one positive (clamav).

i suspect that it is false positive.

https://www.virustotal.com/en/file/c...ae33/analysis/

edit: the file is uploaded to this site :
http://wikisend.com/download/651328/..._resources.pak

ponce · 11-27-2014, 04:11 AM

I've run freshclam and scanned the chromium source and the package generated by the script on SBo (built everything on slackware64-14.1) with clamav-0.98.4 and found nothing.

I've catched the occasion to upgrade clamav to 0.98.5 on SBo's git (will be in the main repository at the next merge)

http://slackbuilds.org/cgit/slackbui...afe784738c143a

P.S. I don't have that file at all, neither in the sources nor in the package, so I cannot understand where it came from.

I downloaded it from where you hosted, scanned it with clamav-0.98.5 and

Code:

# clamscan ../Download/browser_resources.pak 
../Download/browser_resources.pak: Html.Exploit.CVE_2014_6342 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3694636
Engine version: 0.98.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 1.00 MB
Data read: 2.96 MB (ratio 0.34:1)
Time: 8.487 sec (0 m 8 s)

////// · 11-27-2014, 04:41 AM

i believe clamav found it from /tmp/SBo/chromium-31.0.1650.57
i dont know the full path where it found it.

i did some googling while i was writing the above, i found it from /tmp/SBo/chromium-31.0.1650.57/out/Release/obj/gen/chrome

ponce · 11-27-2014, 04:46 AM

it seems an intermediate building file: stuff inside it is repacked in the final package, so if anything is found neither there nor in the sources I suppose it's a false positive.