|
Clam AntiVirus Realtime Scanning VirusEvent Security Issue
|
|
Secunia Advisory:
|
SA11253
|
|
|
Release Date:
|
2004-03-31
|
|
Popularity:
|
12,046 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Clam AntiVirus (clamav) 0.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
l0om has reported a security issue in Clam AntiVirus, which potentially can be exploited by malicious, local users to gain escalated privileges.
An administrative user can use the "VirusEvent" directive in "clamav.conf" to create events for the realtime scanner, which allows a specified command to be executed when a virus is detected. A "VirusEvent" may include the "%v" and "%f" specifiers, which will be substituted with the virus name and infected filename.
The problem is that no validation is performed on the infected filename before it is included and passed to the "system()" function. This can be exploited to execute arbitrary commands with the privileges of Clam AntiVirus by including these and shell meta-characters as the name of an infected file.
NOTE: No VirusEvents are defined by default and users are warned about using the "%f" specifier.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
