CVE-2004-1876

Опубликовано: 30 мар. 2004

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.

Ссылки

http://marc.info/?l=bugtraq&m=108066864608615&w=2
http://secunia.com/advisories/11253
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200405-03.xml
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10007
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15692
http://marc.info/?l=bugtraq&m=108066864608615&w=2
http://secunia.com/advisories/11253
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200405-03.xml
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10007
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15692

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00125

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-1876

debian

больше 21 года назад

The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...

GHSA-6xg8-8xmf-qghw

github

больше 3 лет назад