Lucene search

K
cve[email protected]CVE-2017-1000369
HistoryJun 19, 2017 - 4:29 p.m.

CVE-2017-1000369

2017-06-1916:29:00
CWE-404
web.nvd.nist.gov
274
exim
arbitrary code execution
cve-2017-1000369
security vulnerability
nvd
patch

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

Exim supports the use of multiple ā€œ-pā€ command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

Affected configurations

NVD
Node
eximeximRangeā‰¤4.87.1
OR
eximeximMatch4.88-
OR
eximeximMatch4.88rc1
OR
eximeximMatch4.88rc2
OR
eximeximMatch4.88rc3
OR
eximeximMatch4.88rc4
OR
eximeximMatch4.88rc5
OR
eximeximMatch4.88rc6
OR
eximeximMatch4.89-
OR
eximeximMatch4.89rc1
OR
eximeximMatch4.89rc2
OR
eximeximMatch4.89rc3
OR
eximeximMatch4.89rc4
OR
eximeximMatch4.89rc5
OR
eximeximMatch4.89rc6
OR
eximeximMatch4.89rc7
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%