Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2006-2427
Last Modified: 07 Mar 2011 09:36:11
Published: 17 May 2006 06:06:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2006-2427

Summary

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.88

  • Clam Anti-virus Clamxav 1.0.3h


References

VUPEN - ADV-2006-1807

BUGTRAQ - 20060515 DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'

MISC - http://www.digitalmunition.com/DMA[2006-0514a].txt

SECTRACK - 1016086

SECUNIA - 20085

XF - clamxav-freshclam-insecure-privileges(26453)

SREASON - 912


Last Updated: 27 May 2016 10:42:28