ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution
Severity: High | Nessus Plugin ID: 29830
The remote mail server allows execution of arbitrary commands.
The remote host appears to be running a version of clamav-milter, a filter for sendmail, configured with '--black-hole-mode'. In this mode it fails to strip shell metacharacters from recipient addresses before using them in a call to 'popen()' that determines whether to discard incoming messages. An unauthenticated, remote attacker can leverage this issue to execute arbitrary code, typically as root.
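The class of flaw described above, with a shell-free alternative, as an added example that is not ClamAV's code or its actual fix. The function names, the allow-list alphabet and the use of "--" as an end-of-options marker are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flawed pattern (kept as a comment): the recipient is pasted into a command
 * string, so the shell started by popen() parses whatever it contains.
 *   snprintf(cmd, sizeof cmd, "%s %s", prog, rcpt);
 *   popen(cmd, "r");
 */

/* Allow-list check (hypothetical helper): 1 if rcpt uses only a conservative
 * address alphabet and has exactly one '@' with text on both sides. */
int recipient_is_safe(const char *rcpt)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.@_+=-";
    size_t n = rcpt ? strlen(rcpt) : 0;
    if (n == 0 || n > 254) return 0;       /* empty or oversized */
    if (rcpt[0] == '-') return 0;          /* would be read as an option */
    if (strspn(rcpt, ok) != n) return 0;   /* character outside the list */
    const char *at = strchr(rcpt, '@');
    return at && at != rcpt && at[1] != '\0' && !strchr(at + 1, '@');
}

/* Run prog with rcpt as a single argv entry; no shell is involved.
 * Returns the child's exit status, or -1 if rcpt is rejected or on error. */
int run_recipient_check(const char *prog, const char *rcpt)
{
    if (!recipient_is_safe(rcpt)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* "--" assumes prog honours the end-of-options convention. */
        char *const argv[] = { (char *)prog, "--", (char *)rcpt, NULL };
        execv(prog, argv);
        _exit(127);                        /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *s[] = { "user@example.com", "user;x@example.com", "-v@example.com" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s -> %s\n", s[i], recipient_is_safe(s[i]) ? "accept" : "reject");
    return 0;
}
```

The allow-list is deliberately narrower than the full address grammar; a filter that must accept more address forms still gets the main protection from passing the recipient as an argv entry instead of through a shell.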