Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-5671
Last Modified: 18 Apr 2013 11:26:35
Published: 31 Oct 2012 12:55:06
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-5671

Summary

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify", allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

Vulnerable Systems

Application

  • Exim 4.70

  • Exim 4.71

  • Exim 4.72

  • Exim 4.73

  • Exim 4.74

  • Exim 4.75

  • Exim 4.76

  • Exim 4.77

  • Exim 4.80


References

MLIST - [exim-announce] 20121026 Exim 4.80.1 Security Release

XF - exim-dkimeximquerydnstxt-bo(79615)

UBUNTU - USN-1618-1

BID - 56285

MLIST - [oss-security] 20121027 CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow

DEBIAN - DSA-2566

SECUNIA - 51098

OSVDB - 86616

SUSE - openSUSE-SU-2012:1404

SECUNIA - 51153

SECUNIA - 51115

FEDORA - FEDORA-2012-17085

FEDORA - FEDORA-2012-17044

FEDORA - FEDORA-2012-16899

SECUNIA - 51155


Last Updated: 27 May 2016 10:49:48