CVE-2007-4560: CVE-2007-4560

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4560

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ClamAV Popen Function 远程代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ClamAV版本之前的版本0.91.2版本的clamav-milter,当在black hole mode中运行时,远程攻击者可以借助在某popen调用程序中的外壳元字符，且这些元字符涉及sendmail字段的获取"，以执行任意指令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-4560

#	POC Description	Source Link	Shenlong Link
1	Exploit for CVE-2007-4560 (ClamAV Milter Sendmail 0.91.2 Remote Code Execution)	https://github.com/0x1sac/ClamAV-Milter-Sendmail-0.91.2-Remote-Code-Execution	POC Details
2	Python RCE exploit for Sendmail with ClamAV-Milter <0.91.2 (CVE-2007-4560). Remote root command injection via SMTP RCPT TO headers.	https://github.com/strikoder/sendmail-clamav-exploit-CVE-2007-4560	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-4560

Please Login to view more intelligence information

http://docs.info.apple.com/article.html?artnum=307562x_refsource_CONFIRM
http://www.nruns.com/security_advisory_clamav_remote_code_exection.phpx_refsource_MISC
http://securityreason.com/securityalert/3063third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/26674third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26683third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26654third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26822third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25439vdb-entryx_refsource_BID
http://secunia.com/advisories/26916third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29420third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26751third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1018610vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1366vendor-advisoryx_refsource_DEBIAN
http://www.trustix.org/errata/2007/0026/vendor-advisoryx_refsource_TRUSTIX
http://www.vupen.com/english/advisories/2008/0924/referencesvdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200709-14.xmlvendor-advisoryx_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172vendor-advisoryx_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2007_18_sr.htmlvendor-advisoryx_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.htmlvendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlvendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/archive/1/477723/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-4560

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2007-4560

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2007-4560

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-4560

III. Intelligence Information for CVE-2007-4560

New Vulnerabilities

V. Comments for CVE-2007-4560

Leave a comment