19 matches found
openSUSE Security Update : exim (openSUSE-SU-2011:0535-1)
This update fixes a security issue: - exim remote code execution CVE-2011-1407 also some safety improvements regarding STARTTLS. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update exim-4604. The...
openSUSE Security Update : exim (openSUSE-SU-2011:0535-1)
This update fixes a security issue: - exim remote code execution CVE-2011-1407 also some safety improvements regarding STARTTLS. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update exim-4604. The...
Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1135-1)
It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Ubuntu Update for exim4 USN-1135-1
Ubuntu Update for Linux kernel vulnerabilities USN-1135-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11351.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for exim4 USN-1135-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Fedora Update for exim FEDORA-2011-7047
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for exim FEDORA-2011-7059
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 15 : exim-4.76-2.fc15 (2011-7111)
This update fixes two remote execution exploits in DKIM processing code CVE-2011-1407, CVE-2011-1764. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 14 : exim-4.76-1.fc14 (2011-7047)
This update fixes two remote execution exploits in DKIM processing code CVE-2011-1407, CVE-2011-1764. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 13 : exim-4.76-1.fc13 (2011-7059)
This update fixes two remote execution exploits in DKIM processing code CVE-2011-1407, CVE-2011-1764. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...
CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...
CVE-2011-1407
Technical details about CVE-2011-1407 are not publicly provided in the connected documents. Exim is mentioned as affected in multiple advisories, but specific root cause, affected versions, and fixes are not disclosed here. Monitor for updates.
FreeBSD : Exim -- remote code execution and information disclosure (36594c54-7be7-11e0-9838-0022156e8794)
Release notes for Exim 4.76 say: Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cau...
[BSA-036] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2011-1407 command injection attack in DKIM processing code. For the lenny-backports distribution the problems have been fixed in version 4.72-6+squeeze2bpo50+1. For the stable distribution squeeze, thi...
Debian DSA-2236-1 : exim4 - command injection
It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. CVE-2011-1407 The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution...
[SECURITY] [DSA 2236-1] exim4 security update
Debian Security Advisory DSA-2236-1 [email protected] http://www.debian.org/security/ Florian Weimer May 12, 2011 http://www.debian.org/security/faq -...
DSA-2236-1 exim4 - command injection
Bulletin has no description...
Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String
Based on its response to a specially formatted mail message, the Exim mail server listening on this port appears to be affected by a format string vulnerability. The vulnerability is due to a failure in the dkim_exim_verify_finish() function to properly sanitize format string specifiers in the...
Exim -- remote code execution and information disclosure
Release notes for Exim 4.76 say: Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header caus...