Bug 1858261 (CVE-2020-3350) - CVE-2020-3350 clamav: malicious user exploit to replace scan target's directory with symlink
Summary: CVE-2020-3350 clamav: malicious user exploit to replace scan target's directo...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-3350
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1858262 1858263
Blocks: 1858267
TreeView+ depends on / blocked
 
Reported: 2020-07-17 11:36 UTC by Dhananjay Arunesh
Modified: 2020-07-21 19:28 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-21 19:28:11 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2020-07-17 11:36:03 UTC
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

Comment 1 Dhananjay Arunesh 2020-07-17 11:36:58 UTC
Created clamav tracking bugs for this issue:

Affects: epel-all [bug 1858263]
Affects: fedora-all [bug 1858262]

Comment 2 Product Security DevOps Team 2020-07-21 19:28:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-3350


Note You need to log in before you can comment on or make changes to this bug.