ClamAV Vulnerability Could Allow Arbitrary Command Execution
CVE-2024-20328
Summary
A vulnerability in the VirusEvent feature of ClamAV allows a local attacker to inject arbitrary commands with the privileges of the application service account because file names are handled unsafely. The vulnerability affects multiple versions of ClamAV and can be exploited when the VirusEvent feature is configured in the conf file. Exploitation has not been reported in the wild, and ClamAV has released software updates that address the issue. Because injected commands run in the context of the user running the ClamAV application, updating to the fixed versions of the software is crucial to mitigate the risk.
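A defender-side check for the exposure described above, as an added example that is not ClamAV project code: it scans clamd.conf text for active VirusEvent directives that pass the file name placeholder `%f` to the command and compares the installed version with the versions this page lists. The function name, the sample config and the result layout are assumptions made for illustration.

```python
import re

# Versions listed under "Affected Version(s)" on this page; the vendor
# advisory remains the authoritative list.
AFFECTED_VERSIONS = {"1.2.0", "1.2.1"}

# clamd.conf directives have the form "Name value"; '#' starts a comment line.
_VIRUSEVENT = re.compile(r"^\s*VirusEvent\s+(?P<cmd>.+?)\s*$")


def audit_virusevent(conf_text, version):
    """Report active VirusEvent directives and whether they expose file names.

    Returns a dict with:
      version_affected - version is in AFFECTED_VERSIONS
      virus_events     - list of {line, command, uses_filename}
      at_risk          - affected version AND a VirusEvent command using %f
    """
    events = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        match = _VIRUSEVENT.match(line)
        if match:
            cmd = match.group("cmd")
            events.append({"line": line_no, "command": cmd,
                           "uses_filename": "%f" in cmd})
    version_affected = version in AFFECTED_VERSIONS
    at_risk = version_affected and any(e["uses_filename"] for e in events)
    return {"version_affected": version_affected,
            "virus_events": events, "at_risk": at_risk}


# Constructed sample config (not from a real host). The active VirusEvent
# line is the one quoted in the article excerpt on this page.
SAMPLE_CONF = """\
# constructed sample clamd.conf
LogFile /var/log/clamav/clamd.log
#VirusEvent /usr/local/bin/old_hook %f
VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f"
"""

if __name__ == "__main__":
    report = audit_virusevent(SAMPLE_CONF, "1.2.1")
    for ev in report["virus_events"]:
        flag = "passes file name (%f)" if ev["uses_filename"] else "no %f"
        print(f"line {ev['line']}: {flag}: {ev['command']}")
    print("at risk:", report["at_risk"])
```

A flagged host should be updated to a fixed release; until then, removing `%f` from the VirusEvent command keeps attacker-influenced file names out of the executed command line.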
Affected Version(s)
ClamAV = 1.2.0
ClamAV = 1.2.1
News Articles
CVE-2024-20328 | AttackerKB
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service ac…
9 months ago
ClamAV Not So Calm [CVE-2024-20328]
A pretty classic command injection vulnerability but in ClamAV. Often seen (in my experience) running on mail-servers to scan incoming email attachments. When a virus is detected `clamd` will execute a command:
```
VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f"
```
Where `...
9 months ago
No Click Required: PoC Available for ClamAV Command Injection Bug (CVE-2024-20328)
A PoC for CVE-2024-20328, a critical vulnerability in ClamAV, that allows remote code execution, was published
11 months ago
Timeline
Vulnerability published
First article discovered by securityonline.info
Vulnerability Reserved