CVE-2024-20506

2024-09-0422:15:04

Debian Security Bug Tracker

security-tracker.debian.org

clam antivirus

clamd service

vulnerability

local attacker

corrupt

critical system files

symlink

logfile

restart

unix

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

Low

JSON

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.

The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

OSVersionArchitecturePackageVersionFilename
Debian12allclamav<= 1.0.5+dfsg-1~deb12u1clamav_1.0.5+dfsg-1~deb12u1_all.deb
Debian11allclamav<= 0.103.10+dfsg-0+deb11u1clamav_0.103.10+dfsg-0+deb11u1_all.deb
Debian999allclamav<= 1.3.1+dfsg-5clamav_1.3.1+dfsg-5_all.deb
Debian13allclamav<= 1.3.1+dfsg-5clamav_1.3.1+dfsg-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	clamav	<= 1.0.5+dfsg-1~deb12u1	clamav_1.0.5+dfsg-1~deb12u1_all.deb
Debian	11	all	clamav	<= 0.103.10+dfsg-0+deb11u1	clamav_0.103.10+dfsg-0+deb11u1_all.deb
Debian	999	all	clamav	<= 1.3.1+dfsg-5	clamav_1.3.1+dfsg-5_all.deb
Debian	13	all	clamav	<= 1.3.1+dfsg-5	clamav_1.3.1+dfsg-5_all.deb