Buffer overflow in Exim

Posted: November 6, 2012 in Vulnerabilities
Tags: buffer overflow, Exim, system compromise

Buffer overflow in Exim

Vulnerability: a buffer overflow in Exim

Danger: High
Patch: Yes
Quantity of vulnerabilities: 1
CVE ID: CVE-2012-5671

Impact: System Compromise
Affected products: Exim 4.x

Affected versions: Exim version 4.70 to 4.80

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to a boundary error in the function dkim_exim_query_dns_txt () in the file src / dkim.c when processing DNS records. A remote user can send a specially crafted email application vulnerabilities to cause a heap overflow in the processing of DNS requests and execute arbitrary code on the target system. Successful exploitation requires that the application was built with support for DKIM (default) and ACL “warn control = dkim_disable_verify” was disabled in “acl_smtp_connect” or “acl_smtp_rcpt”.

Manufacturer URL: www.exim.org

Solution: Update to version 4.80.1 from the manufacturer.

links:

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook