CVE Vulnerabilities

CVE-2004-1876

Published: Mar 30, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The %f feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.

Affected Software

Name Vendor Start Version End Version
Clamav Clam_anti-virus 0.51 0.51
Clamav Clam_anti-virus 0.52 0.52
Clamav Clam_anti-virus 0.53 0.53
Clamav Clam_anti-virus 0.54 0.54
Clamav Clam_anti-virus 0.60 0.60
Clamav Clam_anti-virus 0.65 0.65
Clamav Clam_anti-virus 0.67 0.67
Clamav Clam_anti-virus 0.68 0.68
Clamav Clam_anti-virus 0.68.1 0.68.1

References