Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-1764
Last Modified 20 Feb 2014 11:42:00
Published 04 Oct 2011 10:56:24
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1764

Summary

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

Vulnerable Systems

Application

  • Exim 2.10

  • Exim 2.11

  • Exim 2.12

  • Exim 3.00

  • Exim 3.01

  • Exim 3.02

  • Exim 3.03

  • Exim 3.10

  • Exim 3.11

  • Exim 3.12

  • Exim 3.13

  • Exim 3.14

  • Exim 3.15

  • Exim 3.16

  • Exim 3.20

  • Exim 3.21

  • Exim 3.22

  • Exim 3.30

  • Exim 3.31

  • Exim 3.32

  • Exim 3.33

  • Exim 3.34

  • Exim 3.35

  • Exim 3.36

  • Exim 4.00

  • Exim 4.01

  • Exim 4.02

  • Exim 4.03

  • Exim 4.04

  • Exim 4.05

  • Exim 4.10

  • Exim 4.11

  • Exim 4.12

  • Exim 4.14

  • Exim 4.20

  • Exim 4.21

  • Exim 4.22

  • Exim 4.23

  • Exim 4.24

  • Exim 4.30

  • Exim 4.31

  • Exim 4.32

  • Exim 4.33

  • Exim 4.34

  • Exim 4.40

  • Exim 4.41

  • Exim 4.42

  • Exim 4.43

  • Exim 4.44

  • Exim 4.50

  • Exim 4.51

  • Exim 4.52

  • Exim 4.53

  • Exim 4.54

  • Exim 4.60

  • Exim 4.61

  • Exim 4.62

  • Exim 4.63

  • Exim 4.64

  • Exim 4.65

  • Exim 4.66

  • Exim 4.67

  • Exim 4.68

  • Exim 4.69

  • Exim 4.70

  • Exim 4.71

  • Exim 4.72

  • Exim 4.73

  • Exim 4.74

  • Exim 4.75


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=702474

CONFIRM - http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8

CONFIRM - http://bugs.exim.org/show_bug.cgi?id=1106

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670

DEBIAN - DSA-2232

SECUNIA - 51155

SUSE - SUSE-SR:2011:009


Last Updated: 27 May 2016 11:02:17