CVE-2024-20506: ClamAV Privilege Handling Escalation Vulnerability
First published: Wed Sep 04 2024(Updated: )
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/clamav | <=0.103.10+dfsg-0+deb11u1<=1.0.5+dfsg-1~deb12u1 | 1.4.1+dfsg-1 |
| ClamAV | <0.103.12 | |
| ClamAV | >=0.104.0<1.0.7 | |
| ClamAV | >=1.2.0<1.3.2 | |
| ClamAV | =1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506
- https://nvd.nist.gov/vuln/detail/CVE-2024-20506
- https://launchpad.net/bugs/cve/CVE-2024-20506
- https://security-tracker.debian.org/tracker/CVE-2024-20506
- https://ubuntu.com/security/CVE-2024-20506
Frequently Asked Questions
What is the severity of CVE-2024-20506?
CVE-2024-20506 is rated as a high-severity vulnerability due to its potential impact on the security of affected systems.
How do I fix CVE-2024-20506?
To fix CVE-2024-20506, update ClamAV to version 1.4.1 or higher, or ensure your installation is upgraded to at least 0.103.12.
Which versions of ClamAV are affected by CVE-2024-20506?
CVE-2024-20506 affects ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, and all versions in the 0.104.x, 0.105.x series.
Can CVE-2024-20506 be exploited remotely?
CVE-2024-20506 cannot be exploited remotely; it requires an authenticated local attacker to execute an exploit.
What impact does CVE-2024-20506 have on ClamAV services?
CVE-2024-20506 can lead to a potential compromise of the ClamD service module, affecting the integrity and confidentiality of the antivirus system.
- agent/type
- agent/title
- agent/first-publish-date
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/debian
- vendor/clamav
- canonical/clamav
- version/clamav/0.104.0
- version/clamav/1.2.0
- version/clamav/1.4.0