Exim < 4.70 string_format Function Remote Overflow

2010-12-1500:00:00

Tenable

www.tenable.com

JSON

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.70 are potentially affected by a heap overflow vulnerability. By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server subject to the privileges of the user running the affected application.

Binary data 5910.prm

VendorProductVersionCPE
eximeximcpe:/a:exim:exim

Vendor	Product	Version	CPE
exim	exim		cpe:/a:exim:exim

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612

bugs.exim.org/show_bug.cgi?id=787

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344

ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

JSON