CVE-2009-1601

CWE-2644 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 80.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Linux

Timeline

PublishedMay 11

Latest updateMay 2

Description

The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

▶NVDubuntu/linux9.04

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-646v-76hm-m37p: The Ubuntu clamav-milter↗2022-05-02

▶

CVEList

CVE-2009-1601: The Ubuntu clamav-milter↗2009-05-11

▶

📋Vendor Advisories

Debian

CVE-2009-1601: clamav - The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu...↗2009

▶