CVE-2007-6595 — Link Following in Anti-virus Clamav

CWE-59 — Link Following7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 85.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedDec 31

Latest updateMay 1

Description

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.92.1~dfsg-1+3

▶NVDclam_anti-virus/clamav0.92

🔴Vulnerability Details

GHSA

GHSA-cmgp-37ph-2ph7: ClamAV 0↗2022-05-01

▶

OSV

CVE-2007-6595: ClamAV 0↗2007-12-31

▶

CVEList

CVE-2007-6595: ClamAV 0↗2007-12-31

▶

📋Vendor Advisories

Debian

CVE-2007-6595: clamav - ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack...↗2007

▶

Red Hat

clamav insecure /tmp file use↗

▶

💬Community

Bugzilla

CVE-2007-6595 clamav insecure /tmp file use↗2008-01-02

▶