Vulnerabilities > CVE-2006-2427 - Unspecified vulnerability in Clam Anti-Virus Clamav and Clamxav

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

clam-anti-virus

NVD

Published: 2006-05-17

Updated: 2023-11-07

Summary

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

Vulnerable Configurations

Part	Description	Count
Application	Clam_Anti-Virus Clam Anti Virus Clamxav 1.0.3H Clam Anti Virus Clamav 0.88	2

References

http://securitytracker.com/id?1016086
http://secunia.com/advisories/20085
http://securityreason.com/securityalert/912
http://www.vupen.com/english/advisories/2006/1807
https://exchange.xforce.ibmcloud.com/vulnerabilities/26453
http://www.securityfocus.com/archive/1/434008/100/0/threaded
http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt