Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4560

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2007-4560
Last Modified 07 Mar 2011 09:58:47
Published 27 Aug 2007 09:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-4560

Summary

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.91.1


References

BID - 25439

MISC - http://www.nruns.com/security_advisory_clamav_remote_code_exection.php

FEDORA - FEDORA-2007-2050

VUPEN - ADV-2008-0924

TRUSTIX - 2007-0026

SECTRACK - 1018610

BUGTRAQ - 20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory

SUSE - SUSE-SR:2007:018

MANDRIVA - MDKSA-2007:172

DEBIAN - DSA-1366

SREASON - 3063

GENTOO - GLSA-200709-14

SECUNIA - 26916

SECUNIA - 26822

SECUNIA - 26751

SECUNIA - 26683

SECUNIA - 26674

SECUNIA - 26654

SECUNIA - 29420

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:45:54