7.2

CVE-2006-2427

Exploit
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clam Anti-virusClamav Version0.88
Clam Anti-virusClamxav Version1.0.3h
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.374
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20085
Vendor Advisory
http://securityreason.com/securityalert/912
http://securitytracker.com/id?1016086
Exploit
http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt
http://www.securityfocus.com/archive/1/434008/100/0/threaded
http://www.vupen.com/english/advisories/2006/1807
https://exchange.xforce.ibmcloud.com/vulnerabilities/26453