Vulnerability Details : CVE-2007-4560
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2007-4560
Probability of exploitation activity in the next 30 days: 96.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-4560
-
ClamAV Milter Blackhole-Mode Remote Code Execution
Disclosure Date : 2007-08-24exploit/unix/smtp/clamav_milter_blackholeThis module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to v0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call. Authors: - aushack <[email protected]>
CVSS scores for CVE-2007-4560
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
[email protected] |
CWE ids for CVE-2007-4560
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: [email protected] (Primary)
References for CVE-2007-4560
- http://www.novell.com/linux/security/advisories/2007_18_sr.html
-
http://www.nruns.com/security_advisory_clamav_remote_code_exection.php
Patch
- http://www.debian.org/security/2007/dsa-1366
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:172
-
http://www.securitytracker.com/id?1018610
-
http://www.securityfocus.com/bid/25439
Patch
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://www.trustix.org/errata/2007/0026/
- http://docs.info.apple.com/article.html?artnum=307562
- http://security.gentoo.org/glsa/glsa-200709-14.xml
-
http://securityreason.com/securityalert/3063
-
http://www.securityfocus.com/archive/1/477723/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0924/references
Products affected by CVE-2007-4560
- cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*