CVE-2024-20506

2024-09-0500:00:00

ubuntu.com

clamav

vulnerability

critical system files

authenticated

local attacker

symbolic link

symlink

log file

clamd process

exploit

restart

unix

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

Low

JSON

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV)
versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and
prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11
and all prior versions could allow an authenticated, local attacker to
corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log
file while privileged without checking if the logfile has been replaced
with a symbolic link. An attacker could exploit this vulnerability if they
replace the ClamD log file with a symlink to a critical system file and
then find a way to restart the ClamD process. An exploit could allow the
attacker to corrupt a critical system file by appending ClamD log messages
after restart.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchclamav< anyUNKNOWN
ubuntu20.04noarchclamav< anyUNKNOWN
ubuntu22.04noarchclamav< anyUNKNOWN
ubuntu24.04noarchclamav< anyUNKNOWN
ubuntu14.04noarchclamav< anyUNKNOWN
ubuntu16.04noarchclamav< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	clamav	< any	UNKNOWN
ubuntu	20.04	noarch	clamav	< any	UNKNOWN
ubuntu	22.04	noarch	clamav	< any	UNKNOWN
ubuntu	24.04	noarch	clamav	< any	UNKNOWN
ubuntu	14.04	noarch	clamav	< any	UNKNOWN
ubuntu	16.04	noarch	clamav	< any	UNKNOWN