Clam AntiVirus Vulnerability in ClamD Service Module Allows File Corruption
CVE-2024-20506

6.1 MEDIUM

Key Information:

Vendor: Cisco
Status: Vendor
CVE Published: 4 September 2024

Summary

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV), affecting various versions including 1.4.0 and earlier, could allow an authenticated, local attacker to corrupt critical system files. The ClamD process writes to its log file while running with elevated privileges and does not check whether that log file has been replaced with a symbolic link. If an attacker replaces the ClamD log file with a symlink pointing to a critical system file, ClamD appends its log messages to that file the next time the process is restarted. The result is a loss of integrity for the targeted system file. Apply the recommended security patches and audit systems regularly.
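The symlink-following behaviour described in the summary, shown as a naive append-mode open beside a hardened one that uses `O_NOFOLLOW`. This is an added example, not ClamAV source or the vendor's patch; the function names, the temporary directory and the file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive pattern: open() follows a symlink in the final path component, so a
 * privileged writer appends to whatever the link points at. */
int open_log_naive(const char *path) {
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

/* Hardened pattern: O_NOFOLLOW makes open() fail if the final component is a
 * symlink; fstat() on the descriptor then confirms a regular file. Parent
 * directories must still be writable only by the service account or root. */
int open_log_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0) return -1;                 /* ELOOP on Linux for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: <dir>/clamd.log is a symlink to <dir>/target. Returns
 * target's size after one append, -1 if the opener refused, -2 on setup error. */
long append_via(int (*opener)(const char *), const char *dir) {
    char logpath[256], target[256];
    struct stat st;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(logpath, sizeof logpath, "%s/clamd.log", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (t < 0 || close(t) != 0) return -2;
    unlink(logpath);
    if (symlink(target, logpath) != 0) return -2;
    int fd = opener(logpath);
    if (fd < 0) return -1;
    if (write(fd, "log line\n", 9) != 9) { close(fd); return -2; }
    close(fd);
    return stat(target, &st) == 0 ? (long)st.st_size : -2;
}

int main(void) {
    char dir[] = "/tmp/logdemoXXXXXX";
    if (!mkdtemp(dir)) return 1;
    printf("naive opener:    target is now %ld bytes\n", append_via(open_log_naive, dir));
    printf("nofollow opener: result %ld\n", append_via(open_log_nofollow, dir));
    return 0;
}
```

`O_NOFOLLOW` covers only the last path component, so the log directory's ownership and permissions are part of the same check.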

Affected Version(s)

ClamAV 1.4.0

ClamAV 1.3.2

ClamAV 1.0.6

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
