SMTP: RCPT Command Injection
This signature detects attempts to exploit a known vulnerability against multiples SMTP solutions including Clam-AV and SpamAssassin. A successful attack can lead to arbitrary code execution.
Extended Description
ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Versions prior to ClamAV 0.91.2 are vulnerable.
Affected Products
Clam_anti-virus clamav
Short Name
SMTP:RCPT-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-2007-4560 Command Injection RCPT bid:25439
Release Date
10/19/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Apple
Trustix
Gentoo
Clam_anti-virus
Mandriva
Debian
CVSS Score
7.6