Detections
Analytics
Exim string_format Function Remote Overflow
high Nessus Plugin ID 51179
Language:
Synopsis
The remote service has a buffer overflow.Description
A heap overflow vulnerability exists in the version of exim installed on the remote host.By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server with the privilege of the exim server. A separate vulnerability that Nessus didn't test for, CVE-2010-4345, is often used to elevate the exim user to root access.
Note that Nessus checked for this vulnerability by sending a specially crafted packet and checking the response, without crashing the service.
All 4.6x versions 4.69-9 and below are known to be affected, and others may be as well.
Solution
Upgrade to version 4.70 as it addresses the issue.See Also
https://bugs.exim.org/show_bug.cgi?id=787
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
https://lists.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Plugin Details
Severity: High
ID: 51179
File Name: exim_string_vformat.nasl
Version: 1.19
Type: remote
Family: SMTP problems
Published: 12/15/2010
Updated: 4/25/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2010-4344
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:exim:exim
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 12/8/2008
Vulnerability Publication Date: 12/10/2010
CISA Known Exploited Vulnerability Due Dates: 4/15/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Exim4 string_format Function Heap Buffer Overflow)
Reference Information
CVE: CVE-2010-4344
BID: 45308