CVE-2007-4560
EPSS 88.3%
Description
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
How to fix CVE-2007-4560
To remediate CVE-2007-4560, upgrade the affected package to a fixed version listed below.
- Debian/clamav: upgrade to 0.91.2-1~volatile1 or later
Is CVE-2007-4560 being exploited?
Likely — EPSS is 88.3%, placing CVE-2007-4560 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Debian/clamav: from 0, < 0.91.2-1~volatile1