Summary
Detail | |||
---|---|---|---|
Vendor | Exim | First view | 2010-06-07 |
Product | Exim | Last view | 2020-05-11 |
Version | 4.11 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:exim:exim |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2020-05-11 | CVE-2020-12783 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. |
7.8 | 2020-04-02 | CVE-2020-8015 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. |
9.8 | 2019-09-27 | CVE-2019-16928 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
9.8 | 2019-09-06 | CVE-2019-15846 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. |
9.8 | 2019-07-25 | CVE-2019-13917 | Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). |
9.8 | 2019-06-05 | CVE-2019-10149 | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. |
9.8 | 2018-02-08 | CVE-2018-6789 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. |
4 | 2017-06-19 | CVE-2017-1000369 | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. |
5.9 | 2017-02-01 | CVE-2016-9963 | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. |
7 | 2016-04-07 | CVE-2016-1531 | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. |
4.6 | 2014-09-04 | CVE-2014-2972 | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. |
6.8 | 2014-09-04 | CVE-2014-2957 | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. |
7.5 | 2011-10-04 | CVE-2011-1764 | Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. |
6.9 | 2011-02-01 | CVE-2011-0017 | The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. |
6.9 | 2010-12-14 | CVE-2010-4345 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. |
9.3 | 2010-12-14 | CVE-2010-4344 | Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. |
4.4 | 2010-06-07 | CVE-2010-2024 | transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. |
4.4 | 2010-06-07 | CVE-2010-2023 | transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (3) | CWE-20 | Improper Input Validation |
11% (2) | CWE-362 | Race Condition |
11% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
11% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
5% (1) | CWE-404 | Improper Resource Shutdown or Release |
5% (1) | CWE-320 | Key Management Errors |
5% (1) | CWE-189 | Numeric Errors |
5% (1) | CWE-134 | Uncontrolled Format String |
5% (1) | CWE-125 | Out-of-bounds Read |
5% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
5% (1) | CWE-19 | Data Handling |
SAINT Exploits
Description | Link |
---|---|
Exim SMTP listener base64d function one-character buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
72156 | Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Form... |
70696 | Exim log.c open_log() Function Local Privilege Escalation |
69860 | Exim exim User Account Configuration File Directive Local Privilege Escalation |
69685 | Exim string_format Function Remote Overflow |
65159 | Exim transports/appendfile.c MBX Locking Race Condition Permission Modification |
65158 | Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite |
ExploitDB Exploits
id | Description |
---|---|
16925 | Exim4 <= 4.69 string_format Function Heap Buffer Overflow |
OpenVAS Exploits
id | Description |
---|---|
2012-12-13 | Name : SuSE Update for exim openSUSE-SU-2012:1404-1 (exim) File : nvt/gb_suse_2012_1404_1.nasl |
2012-07-30 | Name : CentOS Update for exim CESA-2010:0970 centos4 x86_64 File : nvt/gb_CESA-2010_0970_exim_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for exim CESA-2011:0153 centos4 x86_64 File : nvt/gb_CESA-2011_0153_exim_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for exim CESA-2011:0153 centos5 x86_64 File : nvt/gb_CESA-2011_0153_exim_centos5_x86_64.nasl |
2011-08-09 | Name : CentOS Update for exim CESA-2011:0153 centos5 i386 File : nvt/gb_CESA-2011_0153_exim_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2232-1 (exim4) File : nvt/deb_2232_1.nasl |
2011-08-03 | Name : FreeBSD Ports: exim File : nvt/freebsd_exim3.nasl |
2011-05-23 | Name : Fedora Update for exim FEDORA-2011-7059 File : nvt/gb_fedora_2011_7059_exim_fc13.nasl |
2011-05-23 | Name : Fedora Update for exim FEDORA-2011-7047 File : nvt/gb_fedora_2011_7047_exim_fc14.nasl |
2011-05-17 | Name : Ubuntu Update for exim4 USN-1130-1 File : nvt/gb_ubuntu_USN_1130_1.nasl |
2011-04-19 | Name : Fedora Update for exim FEDORA-2010-12375 File : nvt/gb_fedora_2010_12375_exim_fc14.nasl |
2011-03-05 | Name : exim -- local privilege escalation File : nvt/freebsd_exim2.nasl |
2011-02-11 | Name : Ubuntu Update for exim4 vulnerabilities USN-1060-1 File : nvt/gb_ubuntu_USN_1060_1.nasl |
2011-01-31 | Name : CentOS Update for exim CESA-2010:0970 centos4 i386 File : nvt/gb_CESA-2010_0970_exim_centos4_i386.nasl |
2011-01-31 | Name : CentOS Update for exim CESA-2011:0153 centos4 i386 File : nvt/gb_CESA-2011_0153_exim_centos4_i386.nasl |
2011-01-24 | Name : FreeBSD Ports: exim File : nvt/freebsd_exim1.nasl |
2011-01-21 | Name : RedHat Update for exim RHSA-2011:0153-01 File : nvt/gb_RHSA-2011_0153-01_exim.nasl |
2011-01-04 | Name : SuSE Update for exim SUSE-SA:2010:059 File : nvt/gb_suse_2010_059.nasl |
2010-12-28 | Name : Ubuntu Update for exim4 vulnerability USN-1032-1 File : nvt/gb_ubuntu_USN_1032_1.nasl |
2010-12-28 | Name : RedHat Update for exim RHSA-2010:0970-01 File : nvt/gb_RHSA-2010_0970-01_exim.nasl |
2010-06-11 | Name : Fedora Update for exim FEDORA-2010-9524 File : nvt/gb_fedora_2010_9524_exim_fc13.nasl |
2010-06-11 | Name : Fedora Update for exim FEDORA-2010-9506 File : nvt/gb_fedora_2010_9506_exim_fc12.nasl |
2010-06-03 | Name : Exim < 4.72 RC2 Multiple Vulnerabilities File : nvt/gb_exim_4_72.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53378 - Type : SERVER-OTHER - Revision : 1 |
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53377 - Type : SERVER-OTHER - Revision : 1 |
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53376 - Type : SERVER-OTHER - Revision : 1 |
2019-07-09 | Exim remote command execution attempt RuleID : 50356 - Type : SERVER-MAIL - Revision : 1 |
2018-09-18 | EHLO user overflow attempt RuleID : 47541 - Type : SERVER-MAIL - Revision : 2 |
2018-06-12 | EHLO user overflow attempt RuleID : 46610 - Type : SERVER-MAIL - Revision : 3 |
2014-01-10 | AUTH user overflow attempt RuleID : 3824 - Type : SERVER-MAIL - Revision : 16 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-03-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-970.nasl - Type: ACT_GATHER_INFO |
2018-03-07 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201803-01.nasl - Type: ACT_GATHER_INFO |
2018-03-06 | Name: The remote mail server is potentially affected by a buffer overflow vulnerabi... File: exim_4_90_1.nasl - Type: ACT_GATHER_INFO |
2018-02-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5aec14e125.nasl - Type: ACT_GATHER_INFO |
2018-02-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-25a7ba3cb6.nasl - Type: ACT_GATHER_INFO |
2018-02-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_316b3c3e0e9811e88d4197657151f8c2.nasl - Type: ACT_GATHER_INFO |
2018-02-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4110.nasl - Type: ACT_GATHER_INFO |
2018-02-12 | Name: The remote Debian host is missing a security update. File: debian_DLA-1274.nasl - Type: ACT_GATHER_INFO |
2017-10-23 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO |
2017-09-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201709-19.nasl - Type: ACT_GATHER_INFO |
2017-09-01 | Name: The remote Fedora host is missing a security update. File: fedora_2017-f5177f3a16.nasl - Type: ACT_GATHER_INFO |
2017-08-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-980.nasl - Type: ACT_GATHER_INFO |
2017-06-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-714.nasl - Type: ACT_GATHER_INFO |
2017-06-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-1001.nasl - Type: ACT_GATHER_INFO |
2017-06-22 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8c1a271d56cf11e7b9fec13eb7bcbf4f.nasl - Type: ACT_GATHER_INFO |
2017-06-20 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3322-1.nasl - Type: ACT_GATHER_INFO |
2017-06-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3888.nasl - Type: ACT_GATHER_INFO |
2017-03-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-804.nasl - Type: ACT_GATHER_INFO |
2017-01-06 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3164-1.nasl - Type: ACT_GATHER_INFO |
2016-12-27 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e7002b26caaa11e6a76a9f7324e5534e.nasl - Type: ACT_GATHER_INFO |
2016-12-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3747.nasl - Type: ACT_GATHER_INFO |
2016-12-27 | Name: The remote Debian host is missing a security update. File: debian_DLA-762.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201607-12.nasl - Type: ACT_GATHER_INFO |
2016-03-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2933-1.nasl - Type: ACT_GATHER_INFO |
2016-03-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3517.nasl - Type: ACT_GATHER_INFO |