OpenCVE

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Clam Anti-virus	Clamav

Configuration 1 [-]

cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/26654
http://secunia.com/advisories/26674
http://secunia.com/advisories/26683
http://secunia.com/advisories/26751
http://secunia.com/advisories/26822
http://secunia.com/advisories/26916
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200709-14.xml
http://securityreason.com/securityalert/3063
http://www.debian.org/security/2007/dsa-1366
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.nruns.com/security_advisory_clamav_remote_code_exection.php
http://www.securityfocus.com/archive/1/477723/100/0/threaded
http://www.securityfocus.com/bid/25439
http://www.securitytracker.com/id?1018610
http://www.trustix.org/errata/2007/0026/
http://www.vupen.com/english/advisories/2008/0924/references
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-28T01:00:00

Updated: 2024-08-07T15:01:09.618Z

Reserved: 2007-08-27T00:00:00

Link: CVE-2007-4560

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-28T01:17:00.000

Modified: 2018-10-15T21:36:04.763

Link: CVE-2007-4560

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"name": "3063", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3063"}, {"name": "26822", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26822"}, {"name": "26916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26916"}, {"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"name": "26683", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26683"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"name": "FEDORA-2007-2050", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}, {"name": "DSA-1366", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1366"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "2007-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "26751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26751"}, {"name": "1018610", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018610"}, {"name": "26654", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26654"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "MDKSA-2007:172", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26674"}, {"name": "25439", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200709-14", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"name": "3063", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3063"}, {"name": "26822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26822"}, {"name": "26916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26916"}, {"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"name": "26683", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26683"}, {"name": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php", "refsource": "MISC", "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"name": "FEDORA-2007-2050", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}, {"name": "DSA-1366", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1366"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "2007-0026", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "SUSE-SR:2007:018", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "26751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26751"}, {"name": "1018610", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018610"}, {"name": "26654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26654"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "MDKSA-2007:172", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"name": "26674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26674"}, {"name": "25439", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25439"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.618Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"name": "3063", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3063"}, {"name": "26822", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26822"}, {"name": "26916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26916"}, {"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"name": "26683", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26683"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"name": "FEDORA-2007-2050", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}, {"name": "DSA-1366", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1366"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "2007-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29420"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "26751", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26751"}, {"name": "1018610", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018610"}, {"name": "26654", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26654"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "MDKSA-2007:172", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26674"}, {"name": "25439", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25439"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4560", "datePublished": "2007-08-28T01:00:00", "dateReserved": "2007-08-27T00:00:00", "dateUpdated": "2024-08-07T15:01:09.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5A4D304-EEF9-46C3-B058-EC234F815824", "versionEndIncluding": "0.91.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}, {"lang": "es", "value": "clamav-milter en ClamAV anterior a 0.91.2, cuando funciona en modo agujero negro (black hole), permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaract\u00e9res del int\u00e9rprete de comandos que es utilizado en ciertas llamadas popen, afectando a \"el campo recipiente de sendmail\"."}], "id": "CVE-2007-4560", "lastModified": "2018-10-15T21:36:04.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-28T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26654"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26683"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26751"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26822"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26916"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3063"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1366"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25439"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018610"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0026/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}