Intrusion Prevention

ClamAV.Mail.Filter.Crafted.Recipient.Command.Execution

Description

This indicates an attack attempt against a remote command-execution vulnerability in ClamAV.
A vulnerability has been reported in ClamAV that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the SMTP command. An attacker may include shell commands by supplying an injection string through a crafted request.
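
The following Python example is added here for illustration and is not part of the original advisory, of ClamAV, or of the signature itself. It applies the kind of input check the description says was missing: it flags RCPT TO arguments in SMTP client lines that contain characters outside a conservative mailbox allowlist. The allowlist, the function names and the sample lines are assumptions of this example.

```python
import re

# Conservative allowlist for the mailbox inside RCPT TO:<...>. Anything outside
# it (shell metacharacters such as | ; ` $ & quotes, whitespace) is flagged.
# This allowlist is an assumption of the example, stricter than RFC 5321.
SAFE_MAILBOX = re.compile(r"[A-Za-z0-9._%+=-]+@[A-Za-z0-9.-]+")
RCPT_LINE = re.compile(r"^RCPT\s+TO:\s*(.*)$", re.IGNORECASE)

def extract_recipient(line):
    """Return the raw RCPT TO argument, or None if the line is another command."""
    m = RCPT_LINE.match(line.strip())
    if not m:
        return None
    arg = m.group(1).strip()
    # Strip one pair of angle brackets; ESMTP parameters after '>' are ignored.
    if arg.startswith("<"):
        end = arg.rfind(">")
        arg = arg[1:end] if end != -1 else arg[1:]
    return arg

def suspicious_recipients(session_lines):
    """Return (line_number, recipient, offending_chars) for each flagged RCPT TO."""
    findings = []
    for n, line in enumerate(session_lines, start=1):
        rcpt = extract_recipient(line)
        if rcpt is None or SAFE_MAILBOX.fullmatch(rcpt):
            continue
        bad = sorted(set(re.findall(r"[^A-Za-z0-9._%+=@-]", rcpt)))
        findings.append((n, rcpt, "".join(bad)))
    return findings

# Constructed SMTP client lines (not captured traffic); PLACEHOLDER stands in
# for whatever an injected command would be.
SAMPLE = [
    "HELO client.example.test",
    "MAIL FROM:<sender@example.test>",
    "RCPT TO:<alice@example.test>",
    "RCPT TO:<bob|PLACEHOLDER@example.test>",
    "rcpt to: <carol`PLACEHOLDER`@example.test> SIZE=100",
    "DATA",
]

if __name__ == "__main__":
    for n, rcpt, bad in suspicious_recipients(SAMPLE):
        print(f"line {n}: recipient {rcpt!r} contains {bad!r}")
```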

Affected Products

Clam Anti-Virus ClamAV 0.91.1
Clam Anti-Virus ClamAV 0.91
Clam Anti-Virus ClamAV 0.90.3
Clam Anti-Virus ClamAV 0.90.2
Clam Anti-Virus ClamAV 0.90.1
Clam Anti-Virus ClamAV 0.90
Clam Anti-Virus ClamAV 0.88.6
Clam Anti-Virus ClamAV 0.88.5
Clam Anti-Virus ClamAV 0.88.4
Clam Anti-Virus ClamAV 0.88.3
Clam Anti-Virus ClamAV 0.88.2
Clam Anti-Virus ClamAV 0.88.1
Clam Anti-Virus ClamAV 0.87.1
Clam Anti-Virus ClamAV 0.87 -1
Clam Anti-Virus ClamAV 0.87
Clam Anti-Virus ClamAV 0.86.2
Clam Anti-Virus ClamAV 0.86.1
Clam Anti-Virus ClamAV 0.86
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.75.1
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Upgrade to the latest version, available from the following web site:
http://sourceforge.net/project/shownotes.php?release_id=533658&group_id=86638

CVE References

CVE-2007-4560