Candidate: CVE-2009-1601
PublicDate: 2009-05-11 15:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1601
 https://ubuntu.com/security/notices/USN-770-1
Description:
 The Ubuntu clamav-milter.init script in clamav-milter before
 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current
 working directory to the clamav account, which might allow local users to
 bypass intended access restrictions via read or write operations involving
 this directory.
Ubuntu-Description: 
Notes: 
 jdstrand> clamav-milter initscript chowns arbitrary directories to 'clamav'
  user (usually '/', but could be any directory the user starts or restarts
  the script from)
Bugs: 
 https://bugs.launchpad.net/ubuntu/jaunty/+source/clamav/+bug/365823
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_clamav:
upstream_clamav: released (0.95.1+dfsg-2)
dapper_clamav: not-affected
hardy_clamav: not-affected
intrepid_clamav: not-affected
jaunty_clamav: released (0.95.1+dfsg-1ubuntu1.2)
devel_clamav: not-affected