ID

VAR-202006-1143


CVE

CVE-2020-3350


TITLE

Cisco AMP for Endpoints and Clam AntiVirus Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006926

DESCRIPTION

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. Cisco AMP for Endpoints is a set of terminal applications from Cisco, which integrates static and dynamic malware analysis and threat intelligence. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ========================================================================= Ubuntu Security Notice USN-4435-2 July 27, 2020 clamav vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4435-2 https://usn.ubuntu.com/4435-1 CVE-2020-3327, CVE-2020-3350, CVE-2020-3481

Trust: 1.89

sources: NVD: CVE-2020-3350 // JVNDB: JVNDB-2020-006926 // VULHUB: VHN-181475 // PACKETSTORM: 158624 // PACKETSTORM: 158626

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:ciscomodel:advanced malware protection for endpointsscope:ltversion:1.12.4

Trust: 1.0

vendor:ciscomodel:clam antivirusscope:ltversion:0.102.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:ciscomodel:amp for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:clam antivirusscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006926 // NVD: CVE-2020-3350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3350
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3350
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006926
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1135
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181475
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3350
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006926
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181475
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3350
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3350
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006926
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // CNNVD: CNNVD-202006-1135 // NVD: CVE-2020-3350 // NVD: CVE-2020-3350

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // NVD: CVE-2020-3350

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1135

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1135

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006926

PATCH

title:cisco-sa-famp-ZEpdXyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

Trust: 0.8

title:Cisco AMP for Endpoints and Clam AntiVirus Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121828

Trust: 0.6

sources: JVNDB: JVNDB-2020-006926 // CNNVD: CNNVD-202006-1135

EXTERNAL IDS

db:NVDid:CVE-2020-3350

Trust: 2.7

db:PACKETSTORMid:158626

Trust: 0.8

db:JVNDBid:JVNDB-2020-006926

Trust: 0.8

db:CNNVDid:CNNVD-202006-1135

Trust: 0.7

db:NSFOCUSid:48960

Trust: 0.6

db:AUSCERTid:ESB-2020.4350

Trust: 0.6

db:AUSCERTid:ESB-2020.2114

Trust: 0.6

db:AUSCERTid:ESB-2021.0056

Trust: 0.6

db:AUSCERTid:ESB-2020.4540

Trust: 0.6

db:AUSCERTid:ESB-2020.2558

Trust: 0.6

db:AUSCERTid:ESB-2020.4412

Trust: 0.6

db:AUSCERTid:ESB-2020.2704

Trust: 0.6

db:PACKETSTORMid:158454

Trust: 0.6

db:PACKETSTORMid:158624

Trust: 0.2

db:VULHUBid:VHN-181475

Trust: 0.1

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // CNNVD: CNNVD-202006-1135 // NVD: CVE-2020-3350

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-famp-zepdxy

Trust: 2.3

url:https://security.gentoo.org/glsa/202007-23

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

Trust: 1.7

url:https://usn.ubuntu.com/4435-1/

Trust: 1.7

url:https://usn.ubuntu.com/4435-2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3350

Trust: 1.6

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3350

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.4350/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4412/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2114/

Trust: 0.6

url:https://packetstormsecurity.com/files/158454/clam-antivirus-toolkit-0.102.4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4540/

Trust: 0.6

url:https://vigilance.fr/vulnerability/clamav-three-vulnerabilities-32863

Trust: 0.6

url:https://packetstormsecurity.com/files/158626/ubuntu-security-notice-usn-4435-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2558/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0056/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48960

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-3481

Trust: 0.2

url:https://usn.ubuntu.com/4435-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-3327

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.16.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4435-2

Trust: 0.1

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // CNNVD: CNNVD-202006-1135 // NVD: CVE-2020-3350

CREDITS

Ubuntu

Trust: 0.8

sources: PACKETSTORM: 158624 // PACKETSTORM: 158626 // CNNVD: CNNVD-202006-1135

SOURCES

db:VULHUBid:VHN-181475
db:JVNDBid:JVNDB-2020-006926
db:PACKETSTORMid:158624
db:PACKETSTORMid:158626
db:CNNVDid:CNNVD-202006-1135
db:NVDid:CVE-2020-3350

LAST UPDATE DATE

2024-08-14T12:36:04.404000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181475date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2020-006926date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1135date:2021-01-07T00:00:00
db:NVDid:CVE-2020-3350date:2023-11-07T03:22:37.050

SOURCES RELEASE DATE

db:VULHUBid:VHN-181475date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2020-006926date:2020-07-22T00:00:00
db:PACKETSTORMid:158624date:2020-07-27T18:46:40
db:PACKETSTORMid:158626date:2020-07-27T18:46:49
db:CNNVDid:CNNVD-202006-1135date:2020-06-17T00:00:00
db:NVDid:CVE-2020-3350date:2020-06-18T03:15:14.027