The %f feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Clamav | Clam_anti-virus | 0.51 (including) | 0.51 (including) |
Clamav | Clam_anti-virus | 0.52 (including) | 0.52 (including) |
Clamav | Clam_anti-virus | 0.53 (including) | 0.53 (including) |
Clamav | Clam_anti-virus | 0.54 (including) | 0.54 (including) |
Clamav | Clam_anti-virus | 0.60 (including) | 0.60 (including) |
Clamav | Clam_anti-virus | 0.65 (including) | 0.65 (including) |
Clamav | Clam_anti-virus | 0.67 (including) | 0.67 (including) |
Clamav | Clam_anti-virus | 0.68 (including) | 0.68 (including) |
Clamav | Clam_anti-virus | 0.68.1 (including) | 0.68.1 (including) |