#VU45039 Input validation error in Exim - CVE-2011-1407

 


Published: May 16, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45039
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1407
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Exim
Software vendor: Exim

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.


Remediation

Install the update from the vendor's website.
