Input validation error in Exim - CVE-2011-1407

 


Published: May 16, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45039
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1407
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Exim
Affected software: Exim

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.


How to mitigate CVE-2011-1407

Install the update from the vendor's website.
