OSVDB ID: 36909

Title: ClamAV clamav-milter Sendmail Recipient Field Arbitrary Command Execution

Dates

Disclosure: Aug 24, 2007
Discovery: Aug 10, 2007
Exploit: Unknown
Solution: Aug 24, 2007

Description

A code execution flaw exists in clamav-milter. Data supplied via the 'RCPT TO:' field is passed to a popen() call without validation, resulting in code execution. With a specially crafted email, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.
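
The bug class described above, shown from the defensive side as an added example that is not ClamAV's code or its fix: the recipient string is checked against an allow-list and handed to a helper program as a single argv element through posix_spawn(), so no shell ever parses it the way popen() would. The function names and the helper path are hypothetical.

```c
/* Added example with hypothetical names; not taken from ClamAV. */
#include <spawn.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Allow-list check for an envelope recipient: returns 1 if acceptable, 0 if not.
 * Deliberately stricter than RFC 5321: quoted local parts are refused. */
int recipient_is_safe(const char *rcpt)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._+-";
    size_t len = strlen(rcpt);

    if (len == 0 || len > 254)
        return 0;
    if (rcpt[0] == '-')                 /* would be read as a command-line option */
        return 0;
    if (strspn(rcpt, allowed) != len)   /* any shell metacharacter or whitespace fails here */
        return 0;

    /* Exactly one '@', with something on both sides of it. */
    const char *at = strchr(rcpt, '@');
    return at != NULL && at != rcpt && at[1] != '\0' && strchr(at + 1, '@') == NULL;
}

/* Run `helper` (an absolute path chosen by the caller, never by the sender)
 * with the recipient as one argv element. Returns the helper's exit status,
 * or -1 if the recipient is rejected or the helper cannot be run. */
int run_helper_for_recipient(const char *helper, const char *rcpt)
{
    pid_t pid;
    int status;
    char *argv[] = { (char *)helper, (char *)rcpt, NULL };

    if (!recipient_is_safe(rcpt))
        return -1;                      /* rejected before any process is created */
    if (posix_spawn(&pid, helper, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Either measure alone removes the shell-parsing problem; keeping both means a later change back to a shell-based call does not silently reopen it.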

Classification

Location: Local / Remote
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Patch, Upgrade
Exploit: Exploit Available
Disclosure: Vendor Verified

Solution

Upgrade to version 0.91.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Clam AntiVirus

Clam AntiVirus

0.91.1

References

Credit

  • Nikolaos Rangos - security@nruns.com - n.runs


Direct URL: http://osvdb.org/36218