Vulnerability Details CVE-2004-1876
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.9%
CVSS Severity
CVSS v2 Score 4.6
References
- http://marc.info/?l=bugtraq&m=108066864608615&w=2
- http://secunia.com/advisories/11253
- http://security.gentoo.org/glsa/glsa-200405-03.xml
- http://www.securityfocus.com/bid/10007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15692
- http://marc.info/?l=bugtraq&m=108066864608615&w=2
- http://secunia.com/advisories/11253
- http://security.gentoo.org/glsa/glsa-200405-03.xml
- http://www.securityfocus.com/bid/10007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15692
Products affected by CVE-2004-1876
-
cpe:2.3:a:clam_anti-virus:clamav:0.51
-
cpe:2.3:a:clam_anti-virus:clamav:0.52
-
cpe:2.3:a:clam_anti-virus:clamav:0.53
-
cpe:2.3:a:clam_anti-virus:clamav:0.54
-
cpe:2.3:a:clam_anti-virus:clamav:0.60
-
cpe:2.3:a:clam_anti-virus:clamav:0.65
-
cpe:2.3:a:clam_anti-virus:clamav:0.67
-
cpe:2.3:a:clam_anti-virus:clamav:0.68
-
cpe:2.3:a:clam_anti-virus:clamav:0.68.1