CVE-2006-2427

Name of the Vulnerable Software and Affected Versions Clam Antivirus (ClamAV) version 0.88 ClamXav versions 1.0.3h and earlier

Description The issue allows local users to read portions of arbitrary files when an error message displays the first line of the target file, due to freshclam not dropping privileges before processing the config-file command line option.

Recommendations For Clam Antivirus (ClamAV) version 0.88, consider updating to a newer version that addresses the privilege handling issue. For ClamXav versions 1.0.3h and earlier, consider updating to a newer version that addresses the privilege handling issue. As a temporary workaround, consider restricting access to the config-file command line option to minimize the risk of exploitation.