Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2002-1381
Last Modified 10 Sep 2008 03:14:26
Published 23 Dec 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1381

Summary

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Vulnerable Systems

Application

  • University Of Cambridge Exim 3.35

  • University Of Cambridge Exim 3.36

  • University Of Cambridge Exim 4.10


References

GENTOO - GLSA-200212-5

CONFIRM - http://groups.yahoo.com/group/exim-users/message/42358

BUGTRAQ - 20021204 Local root vulnerability found in exim 4.x (and 3.x)

XF - exim-daemonc-format-string(10761)

BID - 6314

MLIST - [Exim] 20021204 Minor security problem in both Exim 3 and 4


Last Updated: 27 May 2016 10:37:18