An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
References
Link | Resource |
---|---|
https://gist.github.com/matt-clamxav/d341bd48f12a14d2147f8ce860bb36d0 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-16T12:53:54
Updated: 2020-10-16T12:53:54
Reserved: 2020-10-08T00:00:00
Link: CVE-2020-26893
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-16T13:15:11.707
Modified: 2020-10-21T13:59:20.130
Link: CVE-2020-26893
JSON object: View
Redhat Information
No data.
CWE