Lucene search

PRIOn knowledge basePRION:CVE-2006-2427

HistoryMay 17, 2006 - 10:06 a.m.

Design/Logic Flaw

2006-05-1710:06:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.6%

JSON

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

CPENameOperatorVersion
clamaveq0.88
clamxaveq1.0.3104

CPE	Name	Operator	Version
	clamav	eq	0.88
	clamxav	eq	1.0.3104

References

secunia.com/advisories/20085

securityreason.com/securityalert/912

securitytracker.com/id?1016086

www.digitalmunition.com/DMA[2006-0514a].txt

www.securityfocus.com/archive/1/434008/100/0/threaded

www.vupen.com/english/advisories/2006/1807

exchange.xforce.ibmcloud.com/vulnerabilities/26453