Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Clam AntiVirus Vendors:
Clam AntiVirus clamav-milter for sendmail Unsafe popen() Call Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018610
SecurityTracker URL:
CVE Reference:   CVE-2007-4560   (Links to External Site)
Updated:  Mar 26 2008
Original Entry Date:  Aug 27 2007
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.91.2
Description:   A vulnerability was reported in Clam AntiVirus in clamav-milter when used with sendmail. A remote user can execute arbitrary code on the target system.

clamav-milter makes an unsafe popen() function call. A remote user can create an e-mail message with a specially crafted recipient address. When the message is processed by the target system, arbitrary code will be executed with root privileges.

If clamav-milter was started with the black hole mode activated, the system is vulnerable.

The vendor was notified on August 10, 2007.

Nikolaos Rangos of n.runs AG discovered this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system with root privileges.
Solution:   The vendor has issued a fixed version (0.91.2).
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] n.runs-SA-2007.025 - ClamAV Remote Code Execution

n.runs AG                                           security(at)
n.runs-SA-2007.025                                           24-Aug-2007


Vendor:                 ClamAV,
Affected Products:      ClamAV, 
Vulnerability :         Remote Code Execution
Risk:                   HIGH 


Vendor communication: 

  2007/08/10 Initial notification to ClamAV 
  2007/08/10 ClamAV Responses 
  2007/08/10 PoC files sent to ClamAV 
  2007/08/21 ClamAV releases version 0.91.2
  2007/08/24 n.runs AG releases a coordinated disclosure advisory 


Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic database
updates. The core of the package is an anti-virus engine available in
a form of shared library.


A remotely exploitable vulnerability has been found in clamav-milter
when used with sendmail. In detail, the following flaw was determined:

- Arbitrary code execution due to insecure call to popen()


This vulnerability can lead to remote code execution with root privileges.
Leading to a complete compromise of the vulnerable system.
An attacker can inject shell commands into the recipient field of sendmail,
if clamav-milter was started with the black hole mode activated.
The vulnerability is present in at least clamav version 0.91.1, prior
versions may also be affected.

A new stable release (clamav 0.91.2) is available at the clamav website
fixes the vulnerability.


Bugs found by Nikolaos Rangos of n.runs AG. 


This Advisory and Upcoming Advisories 

Unaltered electronic reproduction of this advisory is permitted. For all 
other reproduction or publication, in printing or otherwise, contact for permission. Use of the advisory constitutes 
acceptance for use in an as is condition. All warranties are excluded. In 
no event shall n.runs be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special 
damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of use apply. 

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC