CVE-2006-2427

Publication date 17 May 2006

Last updated 17 July 2025

Ubuntu priority

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

fujitsu

We don't ship freshclam set[gu]id.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2427