Published: 28/08/2007 Updated: 15/10/2018

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 776

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

clamav-milter in ClamAV prior to 0.91.2, when run in black hole mode, allows remote malicious users to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Vulnerable Product	Search on Vulmon	Subscribe to Product
clam anti-virus clamav

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service CVE-2007-4560 It was d ...

## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf: ...

## # $Id: clamav_milter_blackholerb 10617 2010-10-09 06:55:52Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core ...

### black-holepl ### Sendmail w/ clamav-milter Remote Root Exploit ### Copyright (c) 2007 Eliteboy ######################################################## use IO::Socket; print "Sendmail w/ clamav-milter Remote Root Exploit\n"; print "Copyright (C) 2007 Eliteboy\n"; if ($#ARGV != 0) {print "Give me a host to connect\n";exit;} print "Attacking ...

Exploit for CVE-2007-4560 (ClamAV Milter Sendmail 0.91.2 Remote Code Execution)

ClamAV-Milter-Sendmail-0912-Remote-Code-Execution Exploit for CVE-2007-4560 (ClamAV Milter Sendmail 0912 Remote Code Execution) The exploit is for educational purposes only and should not be used for malicious purposes

Sendmail with clamav-milter < 0.91.2 - Remote Command Execution Python Exploit

-Sendmail-with-clamav-milter-0912---Remote-Command-Execution Sendmail with clamav-milter < 0912 - Remote Command Execution Python Exploit Clam AntiVirus 'clamav-milter' Remote Code Execution Exploit This Python script exploits a vulnerability in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter) The vulnerability exists in versions p

CWE-78 http://www.nruns.com/security_advisory_clamav_remote_code_exection.php http://www.securityfocus.com/bid/25439 http://www.debian.org/security/2007/dsa-1366 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html http://security.gentoo.org/glsa/glsa-200709-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:172 http://www.novell.com/linux/security/advisories/2007_18_sr.html http://www.trustix.org/errata/2007/0026/http://www.securitytracker.com/id?1018610 http://secunia.com/advisories/26674 http://secunia.com/advisories/26654 http://secunia.com/advisories/26683 http://secunia.com/advisories/26751 http://secunia.com/advisories/26822 http://secunia.com/advisories/26916 http://securityreason.com/securityalert/3063 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.vupen.com/english/advisories/2008/0924/references http://www.securityfocus.com/archive/1/477723/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1366 https://github.com/0x1sac/ClamAV-Milter-Sendmail-0.91.2-Remote-Code-Execution https://www.exploit-db.com/exploits/9913/

CVE-2007-4560

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect