libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Clamav | Clam_anti-virus | 0.90 (including) | 0.90 (including) |
Clamav | Clam_anti-virus | 0.90.1 (including) | 0.90.1 (including) |
Clamav | Clam_anti-virus | 0.90.2 (including) | 0.90.2 (including) |
Clamav | Clam_anti-virus | 0.90_rc1.1 (including) | 0.90_rc1.1 (including) |
Clamav | Clam_anti-virus | 0.90_rc2 (including) | 0.90_rc2 (including) |
Clamav | Clam_anti-virus | 0.90_rc3 (including) | 0.90_rc3 (including) |