======================================================
Name: CVE-2007-4560
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20070827
Category:
Reference: BUGTRAQ:20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/477723/100/0/threaded
Reference: MISC:http://www.nruns.com/security_advisory_clamav_remote_code_exection.php
Reference: BID:25439
Reference: URL:http://www.securityfocus.com/bid/25439

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
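
The class of bug the description names, shown as an added example that is not ClamAV's code and not the change shipped in 0.91.2: a recipient pasted into a popen() command string, next to a form that validates it and runs the mailer without a shell. The function names, the `MAILER` path and the sample recipient are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAILER "/usr/sbin/sendmail"   /* assumed path, not from the advisory */

/* Risky pattern: the recipient is pasted into a string that popen() hands
 * to /bin/sh -c, so the shell interprets any metacharacters it contains. */
int build_shell_command(char *buf, size_t n, const char *rcpt) {
    int len = snprintf(buf, n, "%s %s", MAILER, rcpt);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Allowlist check: non-empty, no leading '-', only address characters. */
int recipient_is_safe(const char *rcpt) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.@_+-";
    if (rcpt == NULL || rcpt[0] == '\0' || rcpt[0] == '-')
        return 0;
    return strspn(rcpt, ok) == strlen(rcpt);
}

/* Hardened pattern: validate, then fork/execv with the recipient as one
 * argv element. No shell runs, so nothing parses the recipient.
 * Returns the child's exit status, or -1 on rejection or failure. */
int run_mailer(const char *path, const char *rcpt) {
    if (!recipient_is_safe(rcpt))
        return -1;
    /* "--" ends option parsing (assumes a getopt-style mailer) */
    char *const argv[] = { (char *)path, "--", (char *)rcpt, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);               /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    char cmd[256];
    const char *constructed = "user@example.com; echo marker"; /* constructed sample */
    build_shell_command(cmd, sizeof cmd, constructed);
    printf("string a shell would parse: %s\n", cmd);
    printf("allowlist verdict: %d\n", recipient_is_safe(constructed));
    return 0;
}
```
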
Ping on this issue. Was this solved in https://admin.fedoraproject.org/updates/F7/clamav-0.91.2-2.fc7 this update? The changelog says:

* Sat Aug 25 2007 Enrico Scholz <enrico.scholz.de> - 0.91.2-2
- fixed an open(2) issue
no, by

* Sat Aug 25 2007 Enrico Scholz <enrico.scholz.de> - 0.91.2-1
- arbitrary command execution by special crafted recipients in clamav-milter's black-hole mode