CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV)
versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and
prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11
and all prior versions could allow an authenticated, local attacker to
corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log
file while privileged without checking if the logfile has been replaced
with a symbolic link. An attacker could exploit this vulnerability if they
replace the ClamD log file with a symlink to a critical system file and
then find a way to restart the ClamD process. An exploit could allow the
attacker to corrupt a critical system file by appending ClamD log messages
after restart.