Clam Anti-Virus ClamAV Mac OS X Command Execution Vulnerability

Clam Anti-Virus ClamAV Mac OS X Command Execution Vulnerability

Clam Anti-Virus ClamAV running on Mac OS X is affected by a command-execution vulnerability.

Reportedly, when the application handles a suspected infected file, it cannot be removed. The application may attempt to copy the file to another location using the Mac OS X 'ditto' utility. Since the 'ditto' utility is called in an insecure manner and since the responsible function fails to sanitize the filename, an attacker can include arbitrary commands in the filename that will be executed in the context of ClamAV.

An attacker can exploit this issue to gain unauthorized access to an affected computer. Note that exploitation is possible only when a malicious file is copied.

ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.