Vulnerability in N/a
CVE-2007-4560
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
EPSS: 0.883 (99.5th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- STK-Security/sendmail-clamav-exploit-CVE-2007-4560
- strikoder/sendmail-clamav-exploit-CVE-2007-4560
- 0x1sac/ClamAV-Milter-Sendmail-0.91.2-Remote-Code-Execution
- rapid7/metasploit-framework
- Mr-Tree-S/POC_
- Sic4rio/-Sendmail-with-clamav-milter-0.91.2---Remote-Command-Execution
- ARPSyndicate/cve-scores
- ARPSyndicate/cvemon
References
- GLSA-200709-14 (vendor-advisory, x_refsource_GENTOO)
- 3063 (x_refsource_SREASON, third-party-advisory)
- 26822 (x_refsource_SECUNIA, third-party-advisory)
- 26916 (x_refsource_SECUNIA, third-party-advisory)
- 20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory (mailing-list, x_refsource_BUGTRAQ)
- 26683 (x_refsource_SECUNIA, third-party-advisory)
- www.nruns.com/security_advisory_clamav_remote_code_exection.php (x_refsource_MISC)
- FEDORA-2007-2050 (x_refsource_FEDORA, vendor-advisory)
- DSA-1366 (vendor-advisory, x_refsource_DEBIAN)
- ADV-2008-0924 (vdb-entry, x_refsource_VUPEN)
Frequently asked questions
- What is CVE-2007-4560?
  - CVE-2007-4560 is a vulnerability in N/a. Published 2007-08-28.
- Is CVE-2007-4560 known to be exploited?
  - 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.