3 matches found
SUSE CVE-2014-2957
The dmarcprocess function in dmarc.c in Exim before 4.82.1, when EXPERIMENTALDMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expandstring function...
CVE-2014-2957
The CVE-2014-2957 entry concerns Exim (before 4.82.1). When EXPERIMENTAL_DMARC is enabled, the dmarc_process function in dmarc.c can be triggered via the From header in an email, passing data to expand_string and allowing remote code execution. This is the concrete vulnerability described in mult...
[oss-security] Fwd: [exim-announce] Exim 4.82.1 Security Release
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Short version: Exim MTA, CVE-2014-2957, remote code execution based on email header content when built with the EXPERIMENTALDMARC option. Flaw introduced with that option in Exim 4.82, which was previously the current release; no prior releases...