6.1 CVE-2024-20506
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
https://nvd.nist.gov/vuln/detail/CVE-2024-20506
Categories
CWE-754
References
af854a3a-2127-422b-91ae-364da2661108
psirt@cisco.com
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | < 0.103.12 | |
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | >= 0.104.0 | < 1.0.7 |
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | >= 1.2.0 | < 1.3.2 |
| cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
