This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Exim
Product: Exim
Type: Application
First view: 2010-06-07
Last view: 2020-05-11

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:* 19
cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:* 19
cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:* 18
cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:* 18

Related : CVE

Score Date Alert Description
7.5 2020-05-11 CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

7.8 2020-04-02 CVE-2020-8015

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

9.8 2019-09-27 CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

9.8 2019-09-06 CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

9.8 2019-07-25 CVE-2019-13917

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

9.8 2019-06-05 CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

9.8 2018-02-08 CVE-2018-6789

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

7.5 2017-11-25 CVE-2017-16944

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

9.8 2017-11-25 CVE-2017-16943

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

4 2017-06-19 CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

5.9 2017-02-01 CVE-2016-9963

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

7 2016-04-07 CVE-2016-1531

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

4.6 2014-09-04 CVE-2014-2972

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

6.8 2014-09-04 CVE-2014-2957

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

6.8 2012-10-31 CVE-2012-5671

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

7.5 2011-10-04 CVE-2011-1764

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

7.5 2011-05-16 CVE-2011-1407

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

6.9 2011-02-01 CVE-2011-0017

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

6.9 2010-12-14 CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

9.3 2010-12-14 CVE-2010-4344

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

4.4 2010-06-07 CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

4.4 2010-06-07 CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

CWE : Common Weakness Enumeration

% id Name
19% (4) CWE-20 Improper Input Validation
14% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (2) CWE-362 Race Condition
9% (2) CWE-264 Permissions, Privileges, and Access Controls
9% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
4% (1) CWE-416 Use After Free
4% (1) CWE-404 Improper Resource Shutdown or Release
4% (1) CWE-320 Key Management Errors
4% (1) CWE-189 Numeric Errors
4% (1) CWE-134 Uncontrolled Format String
4% (1) CWE-125 Out-of-bounds Read
4% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (1) CWE-19 Data Handling

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:13736 USN-1060-1 -- exim4 vulnerabilities
oval:org.mitre.oval:def:22059 RHSA-2010:0970: exim security update (Critical)
oval:org.mitre.oval:def:13170 USN-1032-1 -- exim4 vulnerability
oval:org.mitre.oval:def:23061 ELSA-2010:0970: exim security update (Critical)
oval:org.mitre.oval:def:21735 RHSA-2011:0153: exim security update (Moderate)
oval:org.mitre.oval:def:12720 DSA-2131-1 exim4 -- arbitrary code execution
oval:org.mitre.oval:def:22839 ELSA-2011:0153: exim security update (Moderate)
oval:org.mitre.oval:def:12931 DSA-2154-1 exim4 -- privilege escalation
oval:org.mitre.oval:def:12692 DSA-2154-2 exim4 -- privilege escalation / regression
oval:org.mitre.oval:def:13499 USN-1135-1 -- exim4 vulnerability
oval:org.mitre.oval:def:12805 DSA-2236-1 exim4 -- command injection
oval:org.mitre.oval:def:14030 USN-1130-1 -- exim4 vulnerability
oval:org.mitre.oval:def:12038 DSA-2232-1 exim4 -- format string vulnerability
oval:org.mitre.oval:def:19926 DSA-2566-1 exim4 - heap overflow
oval:org.mitre.oval:def:17931 USN-1618-1 -- exim4 vulnerability

SAINT Exploits

Description
Exim SMTP listener base64d function one-character buffer overflow

Open Source Vulnerability Database (OSVDB)

id Description
72642 Exim DKIM Identity Lookup Item Remote Code Execution
72156 Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Form...
70696 Exim log.c open_log() Function Local Privilege Escalation
69860 Exim exim User Account Configuration File Directive Local Privilege Escalation
69685 Exim string_format Function Remote Overflow
65159 Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
65158 Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite

ExploitDB Exploits

id Description
16925 Exim4 <= 4.69 string_format Function Heap Buffer Overflow

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)
File : nvt/gb_suse_2012_1404_1.nasl
2012-11-02 Name : Fedora Update for exim FEDORA-2012-17085
File : nvt/gb_fedora_2012_17085_exim_fc16.nasl
2012-11-02 Name : Fedora Update for exim FEDORA-2012-17044
File : nvt/gb_fedora_2012_17044_exim_fc17.nasl
2012-10-29 Name : Ubuntu Update for exim4 USN-1618-1
File : nvt/gb_ubuntu_USN_1618_1.nasl
2012-10-29 Name : Debian Security Advisory DSA 2566-1 (exim4)
File : nvt/deb_2566_1.nasl
2012-10-29 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim4.nasl
2012-07-30 Name : CentOS Update for exim CESA-2011:0153 centos5 x86_64
File : nvt/gb_CESA-2011_0153_exim_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for exim CESA-2010:0970 centos4 x86_64
File : nvt/gb_CESA-2010_0970_exim_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for exim CESA-2011:0153 centos4 x86_64
File : nvt/gb_CESA-2011_0153_exim_centos4_x86_64.nasl
2011-08-09 Name : CentOS Update for exim CESA-2011:0153 centos5 i386
File : nvt/gb_CESA-2011_0153_exim_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2236-1 (exim4)
File : nvt/deb_2236_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2232-1 (exim4)
File : nvt/deb_2232_1.nasl
2011-08-03 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim3.nasl
2011-06-03 Name : Ubuntu Update for exim4 USN-1135-1
File : nvt/gb_ubuntu_USN_1135_1.nasl
2011-05-23 Name : Fedora Update for exim FEDORA-2011-7059
File : nvt/gb_fedora_2011_7059_exim_fc13.nasl
2011-05-23 Name : Fedora Update for exim FEDORA-2011-7047
File : nvt/gb_fedora_2011_7047_exim_fc14.nasl
2011-05-17 Name : Ubuntu Update for exim4 USN-1130-1
File : nvt/gb_ubuntu_USN_1130_1.nasl
2011-04-19 Name : Fedora Update for exim FEDORA-2010-12375
File : nvt/gb_fedora_2010_12375_exim_fc14.nasl
2011-03-05 Name : exim -- local privilege escalation
File : nvt/freebsd_exim2.nasl
2011-02-11 Name : Ubuntu Update for exim4 vulnerabilities USN-1060-1
File : nvt/gb_ubuntu_USN_1060_1.nasl
2011-01-31 Name : CentOS Update for exim CESA-2011:0153 centos4 i386
File : nvt/gb_CESA-2011_0153_exim_centos4_i386.nasl
2011-01-31 Name : CentOS Update for exim CESA-2010:0970 centos4 i386
File : nvt/gb_CESA-2010_0970_exim_centos4_i386.nasl
2011-01-24 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim1.nasl
2011-01-21 Name : RedHat Update for exim RHSA-2011:0153-01
File : nvt/gb_RHSA-2011_0153-01_exim.nasl
2011-01-04 Name : SuSE Update for exim SUSE-SA:2010:059
File : nvt/gb_suse_2010_059.nasl

Snort® IPS/IDS

Date Description
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2019-09-26 Exim malformed BDAT code execution attempt
RuleID : 51301 - Type : SERVER-OTHER - Revision : 1
2019-07-09 Exim remote command execution attempt
RuleID : 50356 - Type : SERVER-MAIL - Revision : 1
2018-09-18 EHLO user overflow attempt
RuleID : 47541 - Type : SERVER-MAIL - Revision : 2
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3
2018-01-03 Exim malformed BDAT code execution attempt
RuleID : 45046 - Type : SERVER-OTHER - Revision : 5
2014-01-10 AUTH user overflow attempt
RuleID : 3824 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Exim DKIM decoding buffer overflow attempt
RuleID : 25333 - Type : PROTOCOL-DNS - Revision : 7

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-970.nasl - Type: ACT_GATHER_INFO
2018-03-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201803-01.nasl - Type: ACT_GATHER_INFO
2018-03-06 Name: The remote mail server is potentially affected by a buffer overflow vulnerabi...
File: exim_4_90_1.nasl - Type: ACT_GATHER_INFO
2018-02-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5aec14e125.nasl - Type: ACT_GATHER_INFO
2018-02-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-25a7ba3cb6.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_316b3c3e0e9811e88d4197657151f8c2.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4110.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Debian host is missing a security update.
File: debian_DLA-1274.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-0053bb9719.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-932.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1342.nasl - Type: ACT_GATHER_INFO
2017-12-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-0032baa7d7.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_75dd622cd5fd11e7b9fec13eb7bcbf4f.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4053.nasl - Type: ACT_GATHER_INFO
2017-11-30 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3499-1.nasl - Type: ACT_GATHER_INFO
2017-11-29 Name: The remote mail server is potentially affected by a remote code execution flaw.
File: exim_bdat_chunk_uaf.nasl - Type: ACT_GATHER_INFO
2017-11-28 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3493-1.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO
2017-09-25 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-19.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f5177f3a16.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-980.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-714.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1001.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8c1a271d56cf11e7b9fec13eb7bcbf4f.nasl - Type: ACT_GATHER_INFO
2017-06-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3322-1.nasl - Type: ACT_GATHER_INFO