oss-sec mailing list archives

CVE Request: clamav-milter on Ubuntu

From: Jamie Strandboge <jamie () canonical com>
Date: Fri, 1 May 2009 09:17:24 -0500

Due to a typo, the clamav-milter initscript would change the owner of
the current directory to clamav (or whatever User is set to in
clamd.conf). This typically affects the '/' directory, but could affect
any directory on the system. This is all documented in the Ubuntu bug[1].

This was introduced in this commit:
http://git.debian.org/?p=pkg-clamav/clamav.git;a=commitdiff;h=c4e1bf5d98637c0219852eaac768170bf8aef2fc;hp=5a2b5013440c4b81d0eb3233072c88564a15fc5d

0.95.1+dfsg-1ubuntu1 and 0.95.1+dfsg-1ubuntu1.1 on Ubuntu 9.04 are
affected, but earlier versions are not. It looks like Debian never
released with this code, and version 0.95.1+dfsg-2 (in Debian/unstable)
is not affected. Derivatives of Ubuntu 9.04 are presumably affected.

Can we get a CVE for this?

Jamie

[1] https://bugs.launchpad.net/bugs/365823

-- 
Jamie Strandboge             | http://www.canonical.com

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE Request: clamav-milter on Ubuntu Jamie Strandboge (May 01)
- Re: CVE Request: clamav-milter on Ubuntu Steven M. Christey (May 21)