Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-42y1-2bsj-afbn |
|---|
| Summary | clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
|
|---|
| Weaknesses |
|
|---|
| Exploits |
| 0 |
| date_added |
2007-12-20 |
| description |
Sendmail with clamav-milter < 0.91.2 - Remote Command Execution |
| required_action |
null |
| due_date |
null |
| notes |
null |
| known_ransomware_campaign_use |
true |
| source_date_published |
2007-12-21 |
| exploit_type |
remote |
| platform |
multiple |
| source_date_updated |
2016-12-04 |
| data_source |
Exploit-DB |
| source_url |
|
|
| 1 |
| date_added |
null |
| description |
This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter'
(Sendmail mail filter). Versions prior to v0.92.2 are vulnerable.
When implemented with black hole mode enabled, it is possible to execute
commands remotely due to an insecure popen call. |
| required_action |
null |
| due_date |
null |
| notes |
Reliability:
- unknown-reliability
Stability:
- unknown-stability
SideEffects:
- unknown-side-effects
|
| known_ransomware_campaign_use |
false |
| source_date_published |
2007-08-24 |
| exploit_type |
null |
| platform |
Unix |
| source_date_updated |
null |
| data_source |
Metasploit |
| source_url |
https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/clamav_milter_blackhole.rb |
|
|
|---|
| Severity_range_score | null |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-42y1-2bsj-afbn |
|---|