CVE-2009-1601

Publication date 11 May 2009

Last updated 24 July 2024

Ubuntu priority

The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	9.04 jaunty	Fixed 0.95.1+dfsg-1ubuntu1.2
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

clamav-milter initscript chowns arbitrary directories to 'clamav' user (usually '/', but could be any directory the user starts or restarts the script from)

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1601