Lucene search

[email protected]NVD:CVE-2010-4344

HistoryDec 14, 2010 - 4:00 p.m.

CVE-2010-4344

2010-12-1416:00:04

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.931 High

EPSS

Percentile

99.1%

JSON

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Affected configurations

NVD

Node

eximeximRange≤4.69

eximeximMatch2.10

eximeximMatch2.11

eximeximMatch2.12

eximeximMatch3.00

eximeximMatch3.01

eximeximMatch3.02

eximeximMatch3.03

eximeximMatch3.10

eximeximMatch3.11

eximeximMatch3.12

eximeximMatch3.13

eximeximMatch3.14

eximeximMatch3.15

eximeximMatch3.16

eximeximMatch3.20

eximeximMatch3.21

eximeximMatch3.22

eximeximMatch3.30

eximeximMatch3.31

eximeximMatch3.32

eximeximMatch3.33

eximeximMatch3.34

eximeximMatch3.35

eximeximMatch3.36

eximeximMatch4.00

eximeximMatch4.01

eximeximMatch4.02

eximeximMatch4.03

eximeximMatch4.04

eximeximMatch4.05

eximeximMatch4.10

eximeximMatch4.11

eximeximMatch4.12

eximeximMatch4.14

eximeximMatch4.20

eximeximMatch4.21

eximeximMatch4.22

eximeximMatch4.23

eximeximMatch4.24

eximeximMatch4.30

eximeximMatch4.31

eximeximMatch4.32

eximeximMatch4.33

eximeximMatch4.34

eximeximMatch4.40

eximeximMatch4.41

eximeximMatch4.42

eximeximMatch4.43

eximeximMatch4.44

eximeximMatch4.50

eximeximMatch4.51

eximeximMatch4.52

eximeximMatch4.53

eximeximMatch4.54

eximeximMatch4.60

eximeximMatch4.61

eximeximMatch4.62

eximeximMatch4.63

eximeximMatch4.64

eximeximMatch4.65

eximeximMatch4.66

eximeximMatch4.67

eximeximMatch4.68

References

ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70

atmail.com/blog/2010/atmail-6204-now-available/

bugs.exim.org/show_bug.cgi?id=787

git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b

lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

openwall.com/lists/oss-security/2010/12/10/1

secunia.com/advisories/40019

secunia.com/advisories/42576

secunia.com/advisories/42586

secunia.com/advisories/42587

secunia.com/advisories/42589

www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html

www.debian.org/security/2010/dsa-2131

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

www.kb.cert.org/vuls/id/682457

www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

www.openwall.com/lists/oss-security/2021/05/04/7

www.osvdb.org/69685

www.redhat.com/support/errata/RHSA-2010-0970.html

www.securityfocus.com/archive/1/515172/100/0/threaded

www.securityfocus.com/bid/45308

www.securitytracker.com/id?1024858

www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

www.ubuntu.com/usn/USN-1032-1

www.vupen.com/english/advisories/2010/3171

www.vupen.com/english/advisories/2010/3172

www.vupen.com/english/advisories/2010/3181

www.vupen.com/english/advisories/2010/3186

www.vupen.com/english/advisories/2010/3204

www.vupen.com/english/advisories/2010/3246

www.vupen.com/english/advisories/2010/3317

bugzilla.redhat.com/show_bug.cgi?id=661756

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.931 High

EPSS

Percentile

99.1%

JSON

Related for NVD:CVE-2010-4344