Buffer overflow in Exim

Posted: November 6, 2012 in Vulnerabilities


Vulnerability: a buffer overflow in Exim

Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-5671

Impact: System Compromise
Affected products: Exim 4.x

Affected versions: Exim version 4.70 to 4.80


The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a boundary error in the function dkim_exim_query_dns_txt() in the file src/dkim.c when processing DNS records. A remote user can send a specially crafted email to the vulnerable application to cause a heap overflow during the processing of DNS requests and execute arbitrary code on the target system. Successful exploitation requires that the application was built with support for DKIM (the default) and that the ACL “warn control = dkim_disable_verify” was disabled in “acl_smtp_connect” or “acl_smtp_rcpt”.

Manufacturer URL: www.exim.org

Solution: Update to version 4.80.1 from the manufacturer.
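
The conditions above (version 4.70 to 4.80, DKIM support compiled in, no "control = dkim_disable_verify" in the configuration) can be checked on a host with a short script. This is an added example, not part of the original advisory or of Exim; the function names and the sample input are constructed for illustration, and the configuration check is simplified as noted in its comment.

```shell
#!/bin/sh
# Added example: triage for CVE-2012-5671 from `exim -bV` output and config text.

# Print the version from the banner line, e.g. "Exim version 4.80 #2 built ...".
exim_version() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if the version lies in the affected range 4.70 .. 4.80 (4.80.1 is fixed).
version_affected() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    [ "$major" = 4 ] || return 1
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    [ "$minor" -ge 70 ] && [ "$minor" -le 80 ] || return 1
    if [ "$minor" -eq 80 ] && [ "${patch:-0}" -ge 1 ]; then return 1; fi
    return 0
}

# Succeed if DKIM is listed on the "Support for:" line of `exim -bV`.
has_dkim() {
    printf '%s\n' "$1" | grep '^Support for:' |
        grep -Eq '(^|[[:space:]])DKIM([[:space:]]|$)'
}

# Succeed if an uncommented "control = dkim_disable_verify" is present.
# Simplification (assumption): does not verify which ACL the line belongs to.
dkim_verify_disabled() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' |
        grep -Eq 'control[[:space:]]*=[[:space:]]*dkim_disable_verify'
}

# Classify a host as "not-affected", "mitigated" or "affected".
assess() {
    ver=$(exim_version "$1")
    if ! version_affected "$ver" || ! has_dkim "$1"; then echo "not-affected"
    elif dkim_verify_disabled "$2"; then echo "mitigated"
    else echo "affected"; fi
}

# Constructed sample input, not captured from a real host.
SAMPLE_BV='Exim version 4.80 #2 built 01-Jan-2012 00:00:00
Support for: crypteq iconv() IPv6 OpenSSL DKIM'
SAMPLE_CONF='acl_smtp_connect = acl_check_connect
begin acl
acl_check_connect:
  warn control = dkim_disable_verify
  accept'
assess "$SAMPLE_BV" ""              # affected
assess "$SAMPLE_BV" "$SAMPLE_CONF"  # mitigated
```

On a real host, pass the output of `exim -bV` as the first argument and the contents of the runtime configuration file as the second. A "mitigated" result still calls for the update to 4.80.1, since the ACL setting only disables DKIM verification.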


