CVE-2007-4560 - OpenCVE

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Clam Anti-virus	Clamav

Configuration 1 [-]

cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/26654	Vendor Advisory
http://secunia.com/advisories/26674	Vendor Advisory
http://secunia.com/advisories/26683	Vendor Advisory
http://secunia.com/advisories/26751	Vendor Advisory
http://secunia.com/advisories/26822	Vendor Advisory
http://secunia.com/advisories/26916	Vendor Advisory
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200709-14.xml
http://securityreason.com/securityalert/3063
http://www.debian.org/security/2007/dsa-1366
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.nruns.com/security_advisory_clamav_remote_code_exection.php	Patch
http://www.securityfocus.com/archive/1/477723/100/0/threaded
http://www.securityfocus.com/bid/25439	Patch
http://www.securitytracker.com/id?1018610
http://www.trustix.org/errata/2007/0026/
http://www.vupen.com/english/advisories/2008/0924/references
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-28T01:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-08-27T00:00:00

Link: CVE-2007-4560

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-28T01:17:00.000

Modified: 2018-10-15T21:36:04.763

Link: CVE-2007-4560

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"name": "3063", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3063"}, {"name": "26822", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26822"}, {"name": "26916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26916"}, {"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"name": "26683", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26683"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"name": "FEDORA-2007-2050", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}, {"name": "DSA-1366", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1366"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "2007-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "26751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26751"}, {"name": "1018610", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018610"}, {"name": "26654", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26654"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "MDKSA-2007:172", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26674"}, {"name": "25439", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200709-14", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"name": "3063", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3063"}, {"name": "26822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26822"}, {"name": "26916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26916"}, {"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"name": "26683", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26683"}, {"name": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php", "refsource": "MISC", "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"name": "FEDORA-2007-2050", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}, {"name": "DSA-1366", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1366"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "2007-0026", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "SUSE-SR:2007:018", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "26751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26751"}, {"name": "1018610", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018610"}, {"name": "26654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26654"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "MDKSA-2007:172", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"name": "26674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26674"}, {"name": "25439", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25439"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4560", "datePublished": "2007-08-28T01:00:00", "dateReserved": "2007-08-27T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5A4D304-EEF9-46C3-B058-EC234F815824", "versionEndIncluding": "0.91.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""}, {"lang": "es", "value": "clamav-milter en ClamAV anterior a 0.91.2, cuando funciona en modo agujero negro (black hole), permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaract\u00e9res del int\u00e9rprete de comandos que es utilizado en ciertas llamadas popen, afectando a \"el campo recipiente de sendmail\"."}], "id": "CVE-2007-4560", "lastModified": "2018-10-15T21:36:04.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-28T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26654"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26683"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26751"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26822"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26916"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3063"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1366"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25439"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018610"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0026/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}