CVSS Severity (version 2.0):
CVSS v2 Base Score:
Impact Subscore: 10.0
Exploitability Subscore: 3.1
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
A clean install of clamav-milter (0.95.1+dfsg-1ubuntu1.1) causes the root directory to become owned by the clamav user.
This was witnessed breaking ssh chroot environment.
- purge any existing clamav-milter installation, make sure you don't have any old /etc/init.d/clamav-milter init script around
- check root directory's owner (should be root:root)
- sudo apt-get install clamav-milter (the last one in Jaunty is 0.95.1+dfsg-1ubuntu1.1)
- after installing the package, clamav-milter will start automatically (at least 'init.d/clamav-milter start' will execute)
- check the root directory's owner: