ClamAV milter popen command injection

Added: 09/06/2007
CVE: CVE-2007-4560
BID: 25439
OSVDB: 36909


ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail.


An insecure call to the popen function in clamav-milter, when running in black hole mode, allows an attacker to inject shell commands into the recipient field.


Upgrade to ClamAV 0.91.2 or higher.



Exploit works on ClamAV 0.91.1.

In order for the exploit to succeed, Sendmail must be configured to use clamav-milter, clamav-milter must be running in black hole mode, and the following utilities must be present on the target system: nc, nc6 (if using IPv6), mkfifo, sh.
Back to exploit index