exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

n.runs-SA-2007.025.txt

n.runs-SA-2007.025.txt
Posted Aug 25, 2007
Authored by Nikolaos Rangos | Site nruns.com

A remote exploitable vulnerability exists in clamav-milter when used with sendmail due to an insecure call to popen(). ClamAV versions prior to 0.91.2 are affected.

tags | advisory, remote
SHA-256 | 88430f439474ceb833877640e5ef738a4bb02bb470e976a6ef541d0b83c2d84c

n.runs-SA-2007.025.txt

Change Mirror Download
n.runs AG                      
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2007.025 24-Aug-2007

________________________________________________________________________

Vendor: ClamAV, http://www.clamav.net
Affected Products: ClamAV,
http://www.clamav.net
Vulnerability : Remote Code Execution
Risk: HIGH

________________________________________________________________________

Vendor communication:


2007/08/10 Initial notification to ClamAV
2007/08/10 ClamAV Responses
2007/08/10 PoC files sent to ClamAV
2007/08/21 ClamAV releases version 0.91.2
2007/08/24 n.runs AG releases a coordinated disclosure advisory
________________________________________________________________________

Overview:

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic database
updates. The core of the package is an anti-virus engine available in
a form of shared library.

Description:

A remotely exploitable vulnerability has been found in clamav-milter
when used with sendmail. In detail, the following flaw was determined:

- Arbitrary code execution due to insecure call to popen()

Impact:

This vulnerability can lead to remote code execution with root privileges.
Leading to a complete compromise of the vulnerable system.
An attacker can inject shell commands into the recipient field of sendmail,
if clamav-milter was started with the black hole mode activated.
The vulnerability is present in at least clamav version 0.91.1, prior
versions may also be affected.

Solution:
A new stable release (clamav 0.91.2) is available at the clamav website
which
fixes the vulnerability.

________________________________________________________________________


Credit:
Bugs found by Nikolaos Rangos of n.runs AG.
________________________________________________________________________


References:
http://www.clamav.net/download/sources


This Advisory and Upcoming Advisories
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php
________________________________________________________________________


Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
securitynruns.com for permission. Use of the advisory constitutes
acceptance for use in an as is condition. All warranties are excluded. In
no event shall n.runs be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special
damages, even if n.runs has been advised of the possibility of such damages.




Copyright 2007 n.runs AG. All rights reserved. Terms of use apply.

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close