Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1407

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1407
Last Modified 06 Sep 2011 11:15:53
Published 16 May 2011 02:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1407

Summary

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

Vulnerable Systems

Application

  • Exim 4.70

  • Exim 4.71

  • Exim 4.72

  • Exim 4.73

  • Exim 4.74

  • Exim 4.75


References

MLIST - [exim-announce] 20110512 Exim 4.76 Release: updated impact assessment

MLIST - [exim-announce] 20110509 Exim 4.76 Release

UBUNTU - USN-1135-1

BID - 47836

DEBIAN - DSA-2236


Last Updated: 27 May 2016 10:56:18