Created
October 14, 2020 08:52
-
-
Save matt-clamxav/d341bd48f12a14d2147f8ce860bb36d0 to your computer and use it in GitHub Desktop.
CVE-2020-26893
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> [Suggested description] | |
> An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor | |
> could use a properly signed copy of ClamXAV 2 (running with an | |
> injected malicious dylib) to communicate with ClamXAV 3's helper tool | |
> and perform privileged operations. This occurs because of inadequate | |
> client verification in the helper tool. | |
> | |
> ------------------------------------------ | |
> | |
> [VulnerabilityType Other] | |
> Local privilege escalation | |
> | |
> ------------------------------------------ | |
> | |
> [Vendor of Product] | |
> Canimaan Software | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Product Code Base] | |
> ClamXAV 3 - versions prior to 3.1.1 | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Component] | |
> Privileged helper tool for the ClamXAV main application. | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Type] | |
> Local | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Escalation of Privileges] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Vectors] | |
> To exploit the vulnerability an attacker needs to inject a malicious dynamic library into ClamXAV 2, | |
> whilst running a vulnerable version of ClamXAV 3's helper tool on the same machine. | |
> | |
> ------------------------------------------ | |
> | |
> [Has vendor confirmed or acknowledged the vulnerability?] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Discoverer] | |
> Csaba Fitzl (@theevilbit) of Offensive Security | |
> | |
> ------------------------------------------ | |
> | |
> [Reference] | |
> https://github.com/theevilbit | |
> https://twitter.com/theevilbit | |
> https://clamxav.com/news/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment