Check Point Advisories

Preemptive Protection against ClamAV Mail Filter Extension Code Execution Vulnerability

Check Point Reference: CPAI-2007-108
Date Published: 10 Sep 2007
Severity: Critical
Last Updated: Monday 01 January, 2007
Source: Secunia Advisory: SA26530
Industry Reference:CVE-2007-4560
Protection Provided by:
Who is Vulnerable? ClamAV Project Clam AntiVirus prior to 0.91.2
Vulnerability Description A code execution vulnerability has been reported in ClamAV AntiVirus product. Clam AntiVirus is an open source anti-virus toolkit that provides e-mail scanning on mail gateways. A remote attacker could exploit this issue to execute commands on an affected system.
Update/Patch AvaliableUpdate the Clam AntiVirus to version 0.91.2:
Clam AntiVirus
Vulnerability DetailsThe vulnerability is due to an error in Sendmail, the mail transfer agent in ClamAV, which fails to properly handle malformed recipient addresses extracted from e-mail messages. An attacker can trigger this vulnerability via a specially crafted e-mail massage only when ClamAV-milter "black hole" mode is activated. Successful exploitation may result in execution of arbitrary code on the vulnerably system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK