CVE-2007-4560 : clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary command

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Published 2007-08-28 01:17:00

Updated 2018-10-15 21:36:05

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-4560

Probability of exploitation activity in the next 30 days: 96.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-4560

ClamAV Milter Blackhole-Mode Remote Code Execution

Disclosure Date: 2007-08-24

First seen: 2020-04-26

exploit/unix/smtp/clamav_milter_blackhole

This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to v0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.

More information

CVSS scores for CVE-2007-4560

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-4560

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-4560

http://www.novell.com/linux/security/advisories/2007_18_sr.html

CVEs referencing this url
http://www.nruns.com/security_advisory_clamav_remote_code_exection.php

Patch
http://www.debian.org/security/2007/dsa-1366

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172

CVEs referencing this url
http://www.securitytracker.com/id?1018610
http://www.securityfocus.com/bid/25439

ClamAV Popen Function Remote Code Execution Vulnerability
Patch
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

CVEs referencing this url
http://www.trustix.org/errata/2007/0026/

Trustix | Empowering Trust and Security in the Digital Age

CVEs referencing this url
http://docs.info.apple.com/article.html?artnum=307562

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200709-14.xml

CVEs referencing this url
http://securityreason.com/securityalert/3063
http://www.securityfocus.com/archive/1/477723/100/0/threaded
http://www.vupen.com/english/advisories/2008/0924/references

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url

Products affected by CVE-2007-4560

Clam Anti-virus » Clamav
Versions up to, including, (<=) 0.91.1
cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*
Matching versions