CVE Vulnerabilities

CVE-2004-1876

Published: Mar 30, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The %f feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.

Affected Software

Name Vendor Start Version End Version
Clamav Clam_anti-virus 0.51 (including) 0.51 (including)
Clamav Clam_anti-virus 0.52 (including) 0.52 (including)
Clamav Clam_anti-virus 0.53 (including) 0.53 (including)
Clamav Clam_anti-virus 0.54 (including) 0.54 (including)
Clamav Clam_anti-virus 0.60 (including) 0.60 (including)
Clamav Clam_anti-virus 0.65 (including) 0.65 (including)
Clamav Clam_anti-virus 0.67 (including) 0.67 (including)
Clamav Clam_anti-virus 0.68 (including) 0.68 (including)
Clamav Clam_anti-virus 0.68.1 (including) 0.68.1 (including)

References