Rapid7 Vulnerability & Exploit Database

USN-770-1: ClamAV vulnerability

Back to Search

USN-770-1: ClamAV vulnerability

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
05/04/2009
Created
07/25/2018
Added
05/04/2009
Modified
07/09/2020

Description

A flaw was discovered in the clamav-milter initscript which caused theownership of the current working directory to be changed to the 'clamav'user. This update attempts to repair the incorrect ownership for standardsystem directories, but it is recommended that the following command beperformed to report any other directories that may be affected: $ sudo find -H / -type d -user clamav \! -group clamav 2>/dev/null Systems configured to run clamav as a user other than the default 'clamav'user will need to adjust the above command accordingly. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system upgrade is sufficient to effect thenecessary changes. LP: 365823

Solution(s)

  • ubuntu-upgrade-clamav-milter

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;