Lucene search
Copyright (c) 2011 E-Soft Inc. http://www.securityspace.comOPENVAS:69735HistoryAug 03, 2011 - 12:00 a.m.
Debian Security Advisory DSA 2236-1 (exim4)
2011-08-0300:00:00
Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
7
0.072 Low
EPSS
Percentile
93.3%
The remote host is missing an update to exim4
announced via advisory DSA 2236-1.
# OpenVAS Vulnerability Test
# $Id: deb_2236_1.nasl 6613 2017-07-07 12:08:40Z cfischer $
# Description: Auto-generated from advisory DSA 2236-1 (exim4)
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "It was discovered that Exim, Debian's default mail transfer agent, is
vulnerable to command injection attacks in its DKIM processing code,
leading to arbitrary code execution. (CVE-2011-1407)
The default configuration supplied by Debian does not expose this
vulnerability.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in
version 4.72-6+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 4.76-1.
We recommend that you upgrade your exim4 packages.";
tag_summary = "The remote host is missing an update to exim4
announced via advisory DSA 2236-1.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202236-1";
if(description)
{
script_id(69735);
script_version("$Revision: 6613 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)");
script_cve_id("CVE-2011-1407");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 2236-1 (exim4)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"exim4", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-base", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-config", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-heavy", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-heavy-dbg", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-light", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-light-dbg", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-dbg", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"exim4-dev", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"eximon4", ver:"4.72-6+squeeze2", rls:"DEB6.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Related
nessus
nessus
Debian DSA-2236-1 : exim4 - command injection
2011-05-13 00:00:00
openSUSE Security Update : exim (openSUSE-SU-2011:0535-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1135-1)
2011-06-13 00:00:00
cvelist
cvelist
CVE-2011-1407
2011-05-16 18:00:00
debian
debian
[SECURITY] [DSA 2236-1] exim4 security update
2011-05-12 20:33:48
[BSA-036] Security Update for exim4
2011-05-16 07:23:02
debiancve
debiancve
CVE-2011-1407
2011-05-16 18:55:00
openvas
openvas
Debian: Security Advisory (DSA-2236-1)
2011-08-03 00:00:00
Ubuntu: Security Advisory (USN-1135-1)
2011-06-03 00:00:00
Ubuntu Update for exim4 USN-1135-1
2011-06-03 00:00:00
cve
cve
CVE-2011-1407
2011-05-16 18:55:00
osv
osv
exim4 - command injection
2011-05-12 00:00:00
prion
prion
Code injection
2011-05-16 18:55:00
ubuntucve
ubuntucve
CVE-2011-1407
2011-05-16 00:00:00
ubuntu
ubuntu
Exim vulnerability
2011-05-25 00:00:00
freebsd
freebsd
Exim -- remote code execution and information disclosure
2011-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: exim-4.76-2.fc15
2011-05-19 04:32:04
[SECURITY] Fedora 14 Update: exim-4.76-1.fc14
2011-05-17 20:56:10
[SECURITY] Fedora 13 Update: exim-4.76-1.fc13
2011-05-17 20:57:49
securityvulns
securityvulns
gentoo
gentoo
Exim: Multiple vulnerabilities
2014-01-27 00:00:00