Lucene search
Ubuntu Update for exim4 USN-1130-1
🗓️ 17 May 2011 00:00:00Reported by Copyright (c) 2011 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 20 Views
Ubuntu Update for exim4 USN-1130-1. It was discovered that the Exim daemon did not correctly handle format strings in DKIM headers. An unauthenticated remote attacker could send specially crafted email to run arbitrary code as the Exim user. The default compiler options for affected releases reduces the vulnerability to a denial of service under most conditions
Show more
| Reporter | Title | Published | Views | Family All 45 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 5 package exim version 4.76-alt0.M50P.1 | 16 May 201100:00 | – | altlinux |
 | CVE-2011-1764 | 5 Oct 201101:00 | – | cvelist |
 | [SECURITY] [DSA 2232-1] exim4 security update | 6 May 201119:41 | – | debian |
| [BSA-035] Security Update for exim4 | 10 May 201117:01 | – | debian |
 | Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1130-1) | 13 Jun 201100:00 | – | nessus |
| Debian DSA-2232-1 : exim4 - format string vulnerability | 9 May 201100:00 | – | nessus |
| openSUSE Security Update : exim (openSUSE-SU-2011:0456-1) | 13 Jun 201400:00 | – | nessus |
| openSUSE Security Update : exim (openSUSE-SU-2011:0456-1) | 13 Jun 201400:00 | – | nessus |
| Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String | 10 May 201100:00 | – | nessus |
| Fedora 14 : exim-4.76-1.fc14 (2011-7047) | 18 May 201100:00 | – | nessus |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/usn/usn-1130-1/ |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1130_1.nasl 7964 2017-12-01 07:32:11Z santu $
#
# Ubuntu Update for exim4 USN-1130-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "It was discovered that the Exim daemon did not correctly handle format
strings in DKIM headers. An unauthenticated remote attacker could send
specially crafted email to run arbitrary code as the Exim user. The
default compiler options for affected releases reduces the vulnerability
to a denial of service under most conditions.";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1130-1";
tag_affected = "exim4 on Ubuntu 11.04 ,
Ubuntu 10.10 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1130-1/");
script_id(840659);
script_version("$Revision: 7964 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "USN", value: "1130-1");
script_cve_id("CVE-2011-1764");
script_name("Ubuntu Update for exim4 USN-1130-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"exim4-daemon-custom", ver:"4.71-3ubuntu1.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-heavy", ver:"4.71-3ubuntu1.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-light", ver:"4.71-3ubuntu1.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"exim4-daemon-custom", ver:"4.74-1ubuntu1.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-heavy", ver:"4.74-1ubuntu1.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-light", ver:"4.74-1ubuntu1.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.10")
{
if ((res = isdpkgvuln(pkg:"exim4-daemon-custom", ver:"4.72-1ubuntu1.2", rls:"UBUNTU10.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-heavy", ver:"4.72-1ubuntu1.2", rls:"UBUNTU10.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"exim4-daemon-light", ver:"4.72-1ubuntu1.2", rls:"UBUNTU10.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 May 2011 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.097