Vulners
Lucene search
Exim 4.98 SQL Injection
๐๏ธย 24 Feb 2025ย 00:00:00Reported byย Oscar BatailleTypeย 
ย packetstorm๐ย packetstorm.news๐ย 538ย Views
| Reporter | Title | Published | Views | Family All 48 |
|---|---|---|---|---|
 | exim -- SQL injection | 21 Feb 202500:00 | โ | freebsd |
 | Exim 4.98 SQL Injection Vulnerability | 24 Feb 202500:00 | โ | zdt |
 | CVE-2025-26794 | 21 Feb 202513:15 | โ | alpinelinux |
 | Astra Linux - ััะทะฒะธะผะพััั ะฒ exim4 | 20 May 202605:53 | โ | astralinux |
 | April Linux Patch Wednesday | 30 Apr 202523:34 | โ | avleonov |
 | CVE-2025-26794 | 19 Feb 202522:30 | โ | circl |
 | Exim ๅฎๅ จๆผๆด | 21 Feb 202500:00 | โ | cnnvd |
 | CVE-2025-26794 | 21 Feb 202500:00 | โ | cve |
 | CVE-2025-26794 | 21 Feb 202500:00 | โ | cvelist |
 | CVE-2025-26794 | 21 Feb 202500:00 | โ | debiancve |
10
# CVE 2025-26794
- Sat, 08 Feb 2025 21:14:37 +0100: reported
- by: "Oscar Bataille" <[email protected]>
- to: [email protected]
- Sun, 9 Feb 2025 00:00:05 +0100: report confirmed
- Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed
- Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed
- Tue, 11 Feb 2025 12:54:10 +0000: CVE ID requested
- Fri, 14 Feb 2025 04:19:13 -0500: CVE ID 2025-26794 received
- Tue, 18 Feb 2025 20:56:25 +0100: sent notification to <[email protected]>
- Wed, 19 Feb 2025 23:07:02 +0100: sent notification to <[email protected]>, and <[email protected]>
- Wed, 19 Feb 2025 23:07:02 +0100: sent notification to <[email protected]>, and <[email protected]>
- Thu, 20 Feb 2025 18:36:34 +0100: sent notification to <[email protected]>
- Fri, 21 Feb 2025 13:00:00 +0100: published the changes on https://code.exim.org/exim/exim.git
## Details
A SQL injection is possible.
The following conditions have to be met for being vulnerable:
- Exim Version 4.98
- Build time option _USE_SQLITE_ is set (it enables the use of SQLite
for the hints databases) -- check the output of `exim -bV`, whether it
contains
```
Hints DB:
Using sqlite3
```
- Runtime config enables ETRN (`acl_smtp_etrn` returns _accept_
(defaults to _deny_))
- Runtime config enforces ETRN serialization (`smtp_etrn_serialize` is
set to _true_ (defaults to _true_))
## Acknowledgements
Thanks to Oscar Bataille for discovering and reporting this issue in a
responsible manner.Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Feb 2025 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 3.17.5
EPSS0.77997
SSVC