Lucene search

K

AttackerKBAKB:B894338F-1778-4FF3-B7C6-27DA4D47DE9A

HistoryDec 14, 2010 - 12:00 a.m.

CVE-2010-4344

2010-12-1400:00:00

attackerkb.com

26

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.931 High

EPSS

Percentile

99.1%

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

atmail.com/blog/2010/atmail-6204-now-available

atmail.com/blog/2010/atmail-6204-now-available/

bugs.exim.org/show_bug.cgi?id=787

git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b

lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

openwall.com/lists/oss-security/2010/12/10/1

secunia.com/advisories/40019

secunia.com/advisories/42576

secunia.com/advisories/42586

secunia.com/advisories/42587

secunia.com/advisories/42589

www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html

www.debian.org/security/2010/dsa-2131

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

www.kb.cert.org/vuls/id/682457

www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

www.openwall.com/lists/oss-security/2021/05/04/7

www.osvdb.org/69685

www.redhat.com/support/errata/RHSA-2010-0970.html

www.securityfocus.com/archive/1/515172/100/0/threaded

www.securityfocus.com/bid/45308

www.securitytracker.com/id?1024858

www.theregister.co.uk/2010/12/11/exim_code_execution_peril

www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

www.ubuntu.com/usn/USN-1032-1

www.vupen.com/english/advisories/2010/3171

www.vupen.com/english/advisories/2010/3172

www.vupen.com/english/advisories/2010/3181

www.vupen.com/english/advisories/2010/3186

www.vupen.com/english/advisories/2010/3204

www.vupen.com/english/advisories/2010/3246

www.vupen.com/english/advisories/2010/3317

access.redhat.com/errata/RHSA-2010:0970

access.redhat.com/security/cve/CVE-2010-4344

bugzilla.redhat.com/show_bug.cgi?id=661756

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.931 High

EPSS

Percentile

99.1%

Related for AKB:B894338F-1778-4FF3-B7C6-27DA4D47DE9A