Lucene search

[email protected]CVE-2006-2427

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2427

2006-05-1710:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2427

clam antivirus

clamxav

privilege escalation

file reading vulnerability

local vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

Affected configurations

NVD

Node

clam_anti-virusclamavMatch0.88

clam_anti-virusclamxavMatch1.0.3h

CPENameOperatorVersion
clam_anti-virus:clamavclam anti-virus clamaveq0.88
clam_anti-virus:clamxavclam anti-virus clamxaveq1.0.3h

CPE	Name	Operator	Version
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.88
clam_anti-virus:clamxav	clam anti-virus clamxav	eq	1.0.3h

References

secunia.com/advisories/20085

securityreason.com/securityalert/912

securitytracker.com/id?1016086

www.digitalmunition.com/DMA%5B2006-0514a%5D.txt

www.securityfocus.com/archive/1/434008/100/0/threaded

www.vupen.com/english/advisories/2006/1807

exchange.xforce.ibmcloud.com/vulnerabilities/26453

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2006-2427

nvd1 ubuntucve1 cvelist1 debiancve1 prion1