Showing 1 - 4 of 4

CVE-2007-4560

Status Candidate

Overview

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Related Files

ClamAV Milter Blackhole-Mode Remote Code Execution: Posted Oct 28, 2009; Authored by patrick | Site metasploit.com; This Metasploit module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to 0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.; tags | exploit; advisories | CVE-2007-4560; SHA-256 | 043b522739cdc7453582b55c2d84f10b6d62ae02178d5c618b7212a148347eb0; Download | Favorite | View

Gentoo Linux Security Advisory 200709-14: Posted Sep 21, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200709-14 - Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to popen() when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the cli_scanrtf() function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the cli_html_normalise() function in libclamav/htmlnorm.c (CVE-2007-4510). Versions less than 0.91.2 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2007-4510, CVE-2007-4560; SHA-256 | f5268da5fa00432a3fdf6c08174761a93c9465ba542aa5f73fb11dc7a3e3149b; Download | Favorite | View

Debian Linux Security Advisory 1366-1: Posted Sep 5, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1366-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.; tags | advisory, remote, denial of service, arbitrary, shell, vulnerability, virus; systems | linux, debian; advisories | CVE-2007-4510, CVE-2007-4560; SHA-256 | b06c4e0dd93c458e138d0d2355636fbefd8be0625630bb3c894bb98ccedb7088; Download | Favorite | View

Mandriva Linux Security Advisory 2007.172: Posted Sep 1, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference. A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call.; tags | advisory, remote, denial of service, arbitrary, shell; systems | linux, mandriva; advisories | CVE-2007-4510, CVE-2007-4560; SHA-256 | 0a2279cffb8c552d518235b4df6e04d3598081371d8c3cac9e1d45ee0597176a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2007-4560

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems