CVE-2009-1601

NameCVE-2009-1601
DescriptionThe Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
clamav (PTS)bullseye0.103.10+dfsg-0+deb11u1fixed
bullseye (security)1.0.9+dfsg-1~deb11u1fixed
bookworm1.0.9+dfsg-1~deb12u1fixed
forky, sid, trixie1.4.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
clamavsource(unstable)(not affected)

Notes

- clamav <not-affected> (Vulnerable code not present)
from what I see this code was never uploaded to the debian archive
Search for package or bug name: Reporting problems