
Buffer overflow in Exim
Vulnerability: a buffer overflow in Exim
Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-5671
Impact: System Compromise
Affected products: Exim 4.x
Affected versions: Exim versions 4.70 to 4.80
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error in the function dkim_exim_query_dns_txt() in the file src/dkim.c when processing DNS records. A remote user can send a specially crafted email to a vulnerable application to cause a heap overflow during the processing of DNS requests and execute arbitrary code on the target system. Successful exploitation requires that the application was built with DKIM support (the default) and that the ACL statement “warn control = dkim_disable_verify” is not set in “acl_smtp_connect” or “acl_smtp_rcpt”.
Manufacturer URL: www.exim.org
Solution: Update to version 4.80.1 from the manufacturer.
Links:
https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
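
An added example (not from the advisory or the Exim project): a Python check of the exposure conditions described above, run against the text of `exim -bV` and the Exim configuration. The sample inputs are constructed; the code assumes a single configuration file without includes or macros and treats any occurrence of the control in a bound ACL as unconditional.

```python
import re

AFFECTED_MIN, FIXED = (4, 70), (4, 80, 1)  # affected range / fixed release per the advisory

# Constructed sample inputs, not captured from a real host.
SAMPLE_BV = "Exim version 4.80 #1 built 01-Jan-2013 00:00:00\nSupport for: iconv() IPv6 DKIM\n"
SAMPLE_CONF = """acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
  accept
"""

def parse_version(bv_output):
    """Version tuple from the first line of `exim -bV` output."""
    m = re.search(r"Exim version (\d+(?:\.\d+)+)", bv_output)
    if not m:
        raise ValueError("no Exim version line found")
    return tuple(int(p) for p in m.group(1).split("."))

def built_with_dkim(bv_output):
    """True if the 'Support for:' line lists DKIM."""
    m = re.search(r"^Support for:(.*)$", bv_output, re.M)
    return bool(m and "DKIM" in m.group(1).split())

def acl_blocks(config_text):
    """Map each named ACL after 'begin acl' to its non-comment lines."""
    blocks, name, in_acl = {}, None, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("begin "):
            in_acl, name = line.split()[1].lower() == "acl", None
        elif in_acl and re.fullmatch(r"\w+:", line):
            name = line[:-1]
            blocks[name] = []
        elif in_acl and name:
            blocks[name].append(line)
    return blocks

def dkim_verify_disabled(config_text):
    """True if an ACL bound to acl_smtp_connect/acl_smtp_rcpt sets the control."""
    bound = re.findall(r"^\s*acl_smtp_(?:connect|rcpt)\s*=\s*(\w+)", config_text, re.M)
    blocks = acl_blocks(config_text)
    ctl = re.compile(r"\bcontrol\s*=\s*dkim_disable_verify\b")
    return any(ctl.search(l) for n in bound for l in blocks.get(n, []))

def assess(bv_output, config_text):
    if not (AFFECTED_MIN <= parse_version(bv_output) < FIXED and built_with_dkim(bv_output)):
        return "not affected"
    return "mitigated" if dkim_verify_disabled(config_text) else "exposed"
```

A result of "mitigated" only reflects the ACL workaround; the advisory's solution remains the update to 4.80.1.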