A most serious, easily exploitable vulnerability in ClamAV versions prior to 0.91.2, recently released, could allow an attacker to compromise a system by sending an e-mail to it.

The issue is in clamav-milter, the sendmail plug-in for the anti-virus, which scans e-mail as it comes into the server. Clamav-milter doesn't properly sanitize user input. It is possible to inject shell code in the server by sending an e-mail with a specially malformed recipient field.

There are no reports of real-world exploits using this vulnerability.

Posted by Larry Seltzer on August 25, 2007 2:13 PM

http://blogs.eweek.com/cheap_hack/content/security_software/sendmail_users_update_clamav_now.html

arrow
arrow
    全站熱搜
    創作者介紹
    創作者 ivan0914 的頭像
    ivan0914

    I'n Blog 之萬象真藏

    ivan0914 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄