CVE-2009-1601

EUVD-2009-1596
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
ubuntulinux
9.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clamav
bookworm
1.0.5+dfsg-1~deb12u1
fixed
bullseye
0.103.10+dfsg-0+deb11u1
fixed
sid
1.4.1+dfsg-1
fixed
trixie
1.4.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
dapper
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
Fixed 0.95.1+dfsg-1ubuntu1.2
released
Common Weakness Enumeration
References
http://secunia.com/advisories/35000
http://www.securityfocus.com/bid/34818
http://www.ubuntu.com/usn/USN-770-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/50311
https://launchpad.net/bugs/365823
http://secunia.com/advisories/35000
http://www.securityfocus.com/bid/34818
http://www.ubuntu.com/usn/USN-770-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/50311
https://launchpad.net/bugs/365823