This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¦ **Affected**: ClamAV versions **prior to 0.91.2**. π§ **Component**: Specifically the `clamav-milter` service when operating in **Black Hole Mode**. π’ **Vendor**: ClamAV Project.
Q4What can hackers do? (Privileges/Data)
π **Hackers' Power**: Execute **arbitrary system commands** with the privileges of the service user (often root or mail user). π **Impact**: Full server compromise, data theft, or lateral movement. π΅οΈββοΈ
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: **LOW**. π **Auth**: No authentication required; exploits via standard **SMTP RCPT TO** headers. βοΈ **Config**: Requires the target to be running ClamAV Milter in Black Hole Mode. π‘
π **Check**: Scan for ClamAV Milter services. π **Verify**: Check version number (`clamav-milter -v`). π« **Flag**: If version < 0.91.2 and Black Hole Mode is active, you are vulnerable. π
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **YES**. π¦ **Patch**: Upgrade to **ClamAV 0.91.2** or later. π **Advisories**: Debian DSA-1366, Mandriva MDKSA-2007:172, Fedora FEDORA-2007-2050. π
Q9What if no patch? (Workaround)
π **Workaround**: Disable **Black Hole Mode** if not strictly necessary. π« **Filter**: Implement strict input validation on SMTP headers at the gateway level.β¦