Detections
Analytics

Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String

high Nessus Plugin ID 53856

Language:

Synopsis

The remote mail server is potentially affected by a format string vulnerability.

Description

Based on its response to a specially formatted mail message, the Exim mail server listening on this port appears to be affected by a format string vulnerability. The vulnerability is due to a failure in the dkim_exim_verify_finish() function to properly sanitize format string specifiers in the DKIM-Signature header. A remote attacker can exploit this by sending a specially crafted email, resulting in the execution of arbitrary code as the Exim run-time user.

Solution

Upgrade to Exim 4.76 or later.

See Also

ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.76

https://lists.exim.org/lurker/message/20110506.112357.e99a8db1.en.html

http://bugs.exim.org/show_bug.cgi?id=1106

Plugin Details

Severity: High

ID: 53856

File Name: exim_4_76.nasl

Version: 1.15

Type: remote

Published: 5/10/2011

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:exim:exim

Exploit Ease: No known exploits are available

Patch Publication Date: 5/6/2011

Vulnerability Publication Date: 5/6/2011

Reference Information

CVE: CVE-2011-1407, CVE-2011-1764

BID: 47736, 47836