ClamAV milter popen command injection

Added: 09/06/2007
CVE: CVE-2007-4560
BID: 25439
OSVDB: 36909

Background

ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail.

Problem

An insecure call to the popen function in clamav-milter, when running in black hole mode, allows an attacker to inject shell commands into the recipient field.
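An added illustration of the bug class described above, not code from ClamAV or from the advisory: a recipient string pasted into a popen() command line is parsed by /bin/sh, while fork/execv hands it to the program as one literal argument. The helper /bin/echo and both function names are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper; stands in for the program the filter runs per recipient. */
#define HELPER "/bin/echo"

/* Vulnerable pattern, shown for contrast and never called here: popen() passes
 * the whole string to /bin/sh, so metacharacters in rcpt are interpreted. */
FILE *check_recipient_unsafe(const char *rcpt)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, HELPER " %s", rcpt);
    return popen(cmd, "r");
}

/* Hardened pattern: fork + execv with an argv array, so no shell parses rcpt.
 * Copies the helper's stdout into out; returns its exit status, -1 on error. */
int check_recipient_safe(const char *rcpt, char *out, size_t outlen)
{
    int fds[2], status;
    size_t n = 0;
    ssize_t r;

    /* A leading '-' would be read by the helper as an option, not an address. */
    if (outlen == 0 || rcpt[0] == '\0' || rcpt[0] == '-' || pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                         /* child: stdout -> pipe, then exec */
        char *const argv[] = { (char *)HELPER, (char *)rcpt, NULL };
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execv(HELPER, argv);
        _exit(127);                         /* exec failed */
    }
    close(fds[1]);
    while (n < outlen - 1 && (r = read(fds[0], out + n, outlen - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Avoiding the shell removes command injection only; the leading '-' check covers the separate case where the helper would treat the address as one of its own options.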

Resolution

Upgrade to ClamAV 0.91.2 or higher.

References

http://www.securityfocus.com/archive/1/477723

Limitations

Exploit works on ClamAV 0.91.1.

In order for the exploit to succeed, Sendmail must be configured to use clamav-milter, clamav-milter must be running in black hole mode, and the following utilities must be present on the target system: nc, nc6 (if using IPv6), mkfifo, sh.