{"cve": [{"lastseen": "2020-10-03T12:06:12", "description": "Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server.", "edition": 3, "cvss3": {}, "published": "2012-10-31T16:55:00", "title": "CVE-2012-5671", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5671"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:exim:exim:4.77", "cpe:/a:exim:exim:4.73", "cpe:/a:exim:exim:4.70", "cpe:/a:exim:exim:4.72", "cpe:/a:exim:exim:4.75", "cpe:/a:exim:exim:4.80", "cpe:/a:exim:exim:4.74", "cpe:/a:exim:exim:4.76", "cpe:/a:exim:exim:4.71"], "id": "CVE-2012-5671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5671", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:06", "description": "Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in 
Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.", "edition": 5, "cvss3": {}, "published": "2011-10-05T02:56:00", "title": "CVE-2011-1764", "type": "cve", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1764"], "modified": "2014-02-21T04:42:00", "cpe": ["cpe:/a:exim:exim:3.14", "cpe:/a:exim:exim:4.68", "cpe:/a:exim:exim:3.01", "cpe:/a:exim:exim:4.60", "cpe:/a:exim:exim:3.21", "cpe:/a:exim:exim:4.21", "cpe:/a:exim:exim:2.12", "cpe:/a:exim:exim:4.31", "cpe:/a:exim:exim:4.34", "cpe:/a:exim:exim:4.63", "cpe:/a:exim:exim:4.61", "cpe:/a:exim:exim:4.03", "cpe:/a:exim:exim:4.14", "cpe:/a:exim:exim:4.65", "cpe:/a:exim:exim:4.43", "cpe:/a:exim:exim:3.13", "cpe:/a:exim:exim:4.11", "cpe:/a:exim:exim:4.62", "cpe:/a:exim:exim:3.15", "cpe:/a:exim:exim:4.64", "cpe:/a:exim:exim:4.67", "cpe:/a:exim:exim:4.73", "cpe:/a:exim:exim:4.30", "cpe:/a:exim:exim:4.50", "cpe:/a:exim:exim:4.42", "cpe:/a:exim:exim:3.20", "cpe:/a:exim:exim:4.44", "cpe:/a:exim:exim:3.34", "cpe:/a:exim:exim:3.11", "cpe:/a:exim:exim:4.05", "cpe:/a:exim:exim:4.32", "cpe:/a:exim:exim:3.36", "cpe:/a:exim:exim:4.22", "cpe:/a:exim:exim:3.32", "cpe:/a:exim:exim:3.02", "cpe:/a:exim:exim:2.10", "cpe:/a:exim:exim:4.70", "cpe:/a:exim:exim:4.12", "cpe:/a:exim:exim:4.72", "cpe:/a:exim:exim:4.54", "cpe:/a:exim:exim:3.12", "cpe:/a:exim:exim:4.51", 
"cpe:/a:exim:exim:3.31", "cpe:/a:exim:exim:4.00", "cpe:/a:exim:exim:4.04", "cpe:/a:exim:exim:3.16", "cpe:/a:exim:exim:4.20", "cpe:/a:exim:exim:4.10", "cpe:/a:exim:exim:4.40", "cpe:/a:exim:exim:4.69", "cpe:/a:exim:exim:2.11", "cpe:/a:exim:exim:3.35", "cpe:/a:exim:exim:4.41", "cpe:/a:exim:exim:4.02", "cpe:/a:exim:exim:4.66", "cpe:/a:exim:exim:4.53", "cpe:/a:exim:exim:4.75", "cpe:/a:exim:exim:3.30", "cpe:/a:exim:exim:3.33", "cpe:/a:exim:exim:3.00", "cpe:/a:exim:exim:3.22", "cpe:/a:exim:exim:4.24", "cpe:/a:exim:exim:4.52", "cpe:/a:exim:exim:4.74", "cpe:/a:exim:exim:4.01", "cpe:/a:exim:exim:3.03", "cpe:/a:exim:exim:4.71", "cpe:/a:exim:exim:4.33", "cpe:/a:exim:exim:3.10", "cpe:/a:exim:exim:4.23"], "id": "CVE-2011-1764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1764", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*", 
"cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*", "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-02T10:57:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671", "CVE-2011-1764"], "description": "Check 
for the Version of exim", "modified": "2018-01-02T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:850355", "href": "http://plugins.openvas.org/nasl.php?oid=850355", "type": "openvas", "title": "SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1404_1.nasl 8267 2018-01-02 06:29:17Z teissa $\n#\n# SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"exim on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"This update fixes a remotely exploitable overflow in DKIM\n handling.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850355);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:02:12 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-1764\", \"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1404_1\");\n script_name(\"SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of exim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"exim-debuginfo\", rpm:\"exim-debuginfo~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"exim-debugsource\", rpm:\"exim-debugsource~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximon\", rpm:\"eximon~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximon-debuginfo\", rpm:\"eximon-debuginfo~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximstats-html\", rpm:\"eximstats-html~4.80.1~23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.80.1~5.4.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"exim-debuginfo\", rpm:\"exim-debuginfo~4.80.1~5.4.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"exim-debugsource\", rpm:\"exim-debugsource~4.80.1~5.4.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximon\", rpm:\"eximon~4.80.1~5.4.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximon-debuginfo\", rpm:\"eximon-debuginfo~4.80.1~5.4.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eximstats-html\", rpm:\"eximstats-html~4.80.1~5.4.1\", 
rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:41:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671", "CVE-2011-1764"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:1361412562310850355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850355", "type": "openvas", "title": "openSUSE: Security Advisory for exim (openSUSE-SU-2012:1404-1)", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850355\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:02:12 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-1764\", \"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:1404-1\");\n script_name(\"openSUSE: Security Advisory for exim (openSUSE-SU-2012:1404-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'exim'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"exim on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"This update fixes a remotely exploitable overflow in DKIM\n handling.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"exim-debuginfo\", rpm:\"exim-debuginfo~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"exim-debugsource\", rpm:\"exim-debugsource~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximon\", rpm:\"eximon~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximon-debuginfo\", rpm:\"eximon-debuginfo~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximstats-html\", rpm:\"eximstats-html~4.80.1~23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"exim-debuginfo\", rpm:\"exim-debuginfo~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"exim-debugsource\", rpm:\"exim-debugsource~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximon\", rpm:\"eximon~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximon-debuginfo\", rpm:\"eximon-debuginfo~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eximstats-html\", rpm:\"eximstats-html~4.80.1~5.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "Check for the Version of exim", "modified": "2018-01-04T00:00:00", "published": "2012-11-02T00:00:00", "id": "OPENVAS:864833", "href": "http://plugins.openvas.org/nasl.php?oid=864833", "type": "openvas", "title": "Fedora Update for exim FEDORA-2012-17085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for exim FEDORA-2012-17085\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"exim on Fedora 16\";\ntag_insight = \"Exim is a message transfer agent (MTA) developed at the University of\n Cambridge for use on Unix systems connected to the Internet. It is\n freely available under the terms of the GNU General Public Licence. In\n style it is similar to Smail 3, but its facilities are more\n general. 
There is a great deal of flexibility in the way mail can be\n routed, and there are extensive facilities for checking incoming\n mail. Exim can be installed in place of sendmail, although the\n configuration of exim is quite different to that of sendmail.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html\");\n script_id(864833);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-02 10:59:19 +0530 (Fri, 02 Nov 2012)\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-17085\");\n script_name(\"Fedora Update for exim FEDORA-2012-17085\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of exim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.76~4.fc16.2\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-12T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:72541", "href": "http://plugins.openvas.org/nasl.php?oid=72541", "type": "openvas", "title": "FreeBSD Ports: exim", "sourceData": "#\n#VID b0f3ab1f-1f3b-11e2-8fe9-0022156e8794\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b0f3ab1f-1f3b-11e2-8fe9-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: exim\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html\nhttp://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(72541);\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:22:19 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"FreeBSD Ports: exim\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"exim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.70\")>=0 && revcomp(a:bver, b:\"4.80.1\")<0) {\n txt += \"Package exim version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "The remote host is missing an update to exim4\nannounced via advisory DSA 2566-1.", "modified": "2017-07-07T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:72537", "href": "http://plugins.openvas.org/nasl.php?oid=72537", "type": "openvas", "title": "Debian Security Advisory DSA 2566-1 (exim4)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2566_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2566-1 (exim4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can yield to a heap-based buffer overflow. 
An attacker can\nexploit this flaw to execute arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 4.80-5.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.80-5.1.\n\n\nWe recommend that you upgrade your exim4 packages.\";\ntag_summary = \"The remote host is missing an update to exim4\nannounced via advisory DSA 2566-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202566-1\";\n\nif(description)\n{\n script_id(72537);\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:21:14 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2566-1 (exim4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"exim4\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-base\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-config\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dev\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"eximon4\", ver:\"4.72-6+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-base\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-config\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy-dbg\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light-dbg\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dbg\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dev\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"eximon4\", ver:\"4.80-5.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:136141256231072541", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072541", "type": "openvas", "title": "FreeBSD Ports: exim", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_exim4.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID b0f3ab1f-1f3b-11e2-8fe9-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72541\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:22:19 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"FreeBSD Ports: exim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: exim\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"exim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.70\")>=0 && revcomp(a:bver, b:\"4.80.1\")<0) {\n txt += \"Package exim version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:20:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1618-1", "modified": "2017-12-01T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:841201", "href": "http://plugins.openvas.org/nasl.php?oid=841201", "type": "openvas", "title": "Ubuntu Update for exim4 USN-1618-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1618_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update 
for exim4 USN-1618-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Exim incorrectly handled DKIM DNS decoding. 
This\n flaw could allow a remote attacker to execute arbitrary code.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1618-1\";\ntag_affected = \"exim4 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1618-1/\");\n script_id(841201);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:53 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1618-1\");\n script_name(\"Ubuntu Update for exim4 USN-1618-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", 
ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.76-2ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.76-2ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.76-2ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "The remote host is missing an update to exim4\nannounced via advisory DSA 2566-1.", "modified": "2019-03-18T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:136141256231072537", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072537", "type": "openvas", "title": "Debian Security Advisory DSA 2566-1 (exim4)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2566_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2566-1 (exim4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72537\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:21:14 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2566-1 (exim4)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202566-1\");\n script_tag(name:\"insight\", value:\"It was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can yield to a heap-based buffer overflow. 
An attacker can\nexploit this flaw to execute arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 4.80-5.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.80-5.1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your exim4 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to exim4\nannounced via advisory DSA 2566-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"exim4\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-base\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-config\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dbg\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dev\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"eximon4\", ver:\"4.72-6+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4\", 
ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-base\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-config\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-heavy-dbg\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-daemon-light-dbg\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dbg\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"exim4-dev\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"eximon4\", ver:\"4.80-5.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1618-1", "modified": "2019-03-13T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:1361412562310841201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841201", "type": "openvas", "title": "Ubuntu Update for exim4 USN-1618-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1618_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for exim4 USN-1618-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1618-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841201\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:53 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1618-1\");\n script_name(\"Ubuntu Update for exim4 USN-1618-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1618-1\");\n script_tag(name:\"affected\", value:\"exim4 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n 
Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Exim incorrectly handled DKIM DNS decoding. This\n flaw could allow a remote attacker to execute arbitrary code.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.71-3ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.76-3ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.76-2ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.76-2ubuntu1.1\", 
rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.76-2ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-custom\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-heavy\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"exim4-daemon-light\", ver:\"4.74-1ubuntu1.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-02T00:00:00", "id": "OPENVAS:1361412562310864827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864827", "type": "openvas", "title": "Fedora Update for exim FEDORA-2012-17044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for exim FEDORA-2012-17044\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864827\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-02 10:58:53 +0530 (Fri, 02 Nov 2012)\");\n script_cve_id(\"CVE-2012-5671\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-17044\");\n script_name(\"Fedora Update for exim FEDORA-2012-17044\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'exim'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"exim on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n 
if ((res = isrpmvuln(pkg:\"exim\", rpm:\"exim~4.76~9.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-06-05T11:12:05", "description": "This update fixes a remotely exploitable overflow in DKIM handling.", "edition": 15, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : exim (openSUSE-SU-2012:1404-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671", "CVE-2011-1764"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:eximstats-html", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:exim-debuginfo", "p-cpe:/a:novell:opensuse:exim", "p-cpe:/a:novell:opensuse:eximon-debuginfo", "p-cpe:/a:novell:opensuse:eximon", "p-cpe:/a:novell:opensuse:exim-debugsource", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-738.NASL", "href": "https://www.tenable.com/plugins/nessus/74790", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74790);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-1764\", \"CVE-2012-5671\");\n\n script_name(english:\"openSUSE Security Update : exim (openSUSE-SU-2012:1404-1)\");\n script_summary(english:\"Check for the openSUSE-2012-738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a remotely exploitable overflow in DKIM handling.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-10/msg00083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected exim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:exim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:exim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:exim-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:eximon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:eximon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:eximstats-html\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"exim-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"exim-debuginfo-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"exim-debugsource-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"eximon-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"eximon-debuginfo-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"eximstats-html-4.80.1-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"exim-4.80.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"exim-debuginfo-4.80.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"exim-debugsource-4.80.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"eximon-4.80.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"eximon-debuginfo-4.80.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"eximstats-html-4.80.1-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:57:38", "description": "According to its banner, the version of Exim running on the remote host\nis between 4.70 and 4.80 inclusive. It therefore is potentially\naffected by a remote, heap-based buffer overflow vulnerability when\ndecoding DKIM (DomainKeys Identified Mail) DNS records that can be\ntriggered by a specially crafted email sent from a domain under the\nattacker's control. \n\nBy exploiting this flaw, a remote, unauthenticated attacker could\nexecute arbitrary code on the remote host subject to the privileges of\nthe user running the affected application.\n\nNote that this issue is only exploitable when exim is built with DKIM\nsupport, which is true by default, and has not been disabled. 
Note too\nthat Nessus has not checked whether either condition is true.", "edition": 24, "published": "2012-10-29T00:00:00", "title": "Exim 4.70 - 4.80 DKIM DNS Record Parsing Remote Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:exim:exim"], "id": "EXIM_4_80_1.NASL", "href": "https://www.tenable.com/plugins/nessus/62734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62734);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_bugtraq_id(56285);\n\n script_name(english:\"Exim 4.70 - 4.80 DKIM DNS Record Parsing Remote Buffer Overflow\");\n script_summary(english:\"Checks version of SMTP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is potentially affected by a buffer overflow\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Exim running on the remote host\nis between 4.70 and 4.80 inclusive. It therefore is potentially\naffected by a remote, heap-based buffer overflow vulnerability when\ndecoding DKIM (DomainKeys Identified Mail) DNS records that can be\ntriggered by a specially crafted email sent from a domain under the\nattacker's control. \n\nBy exploiting this flaw, a remote, unauthenticated attacker could\nexecute arbitrary code on the remote host subject to the privileges of\nthe user running the affected application.\n\nNote that this issue is only exploitable when exim is built with DKIM\nsupport, which is true by default, and has not been disabled. 
Note too\nthat Nessus has not checked whether either condition is true.\");\n script_set_attribute(attribute:\"see_also\", value:\"ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.80.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Exim 4.80.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5671\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/29\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:exim:exim\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SMTP problems\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smtpserver_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/smtp\", 25);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_service(svc:\"smtp\", default:25, exit_on_fail:TRUE);\n\nbanner = get_smtp_banner(port:port);\nif (!banner) exit(1, \"Failed to retrieve the banner from the SMTP server listening on port \"+port+\".\");\nif (\"Exim\" >!< banner) exit(0, \"The banner from the SMTP server listening on port \"+port+\" is not from Exim.\");\n\nmatches = eregmatch(pattern:\"220.*Exim ([0-9\\.]+)\", string:banner);\nif (isnull(matches)) exit(1, \"Failed to determine the version of Exim based on the banner from the SMTP server listening on port \"+port+\".\");\n\nversion = matches[1];\nif (ereg(pattern:'^(4\\\\.(7[0-9]([^0-9]|$)|80$))', string:version))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Banner : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 4.80.1';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, 'Exim', port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:38:32", "description": "It was discovered that Exim incorrectly handled DKIM DNS decoding.\nThis flaw could allow a remote attacker to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-10-26T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : exim4 vulnerability (USN-1618-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-custom", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1618-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62708", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1618-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62708);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_xref(name:\"USN\", value:\"1618-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : exim4 vulnerability (USN-1618-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Exim incorrectly handled DKIM DNS decoding.\nThis flaw could allow a remote attacker to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1618-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected exim4-daemon-custom, exim4-daemon-heavy and / or\nexim4-daemon-light packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.71-3ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.71-3ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-light\", pkgver:\"4.71-3ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.74-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.74-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-light\", pkgver:\"4.74-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.76-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.76-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"exim4-daemon-light\", pkgver:\"4.76-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.76-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.76-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"exim4-daemon-light\", pkgver:\"4.76-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.80-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.80-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"exim4-daemon-light\", pkgver:\"4.80-3ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim4-daemon-custom / exim4-daemon-heavy / exim4-daemon-light\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:21:48", "description": "According to its version, the Atmail Webmail install on the remote\nhost is a version prior to 6.6.2. It is, therefore, potentially\naffected by an error in the included Exim component related to the\n'dkim_exim_query_dns_txt' function and DNS record parsing that could\nallow a buffer overflow and possibly arbitrary code execution.", "edition": 26, "published": "2014-04-18T00:00:00", "title": "Atmail Webmail < 6.6.2 Exim Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:atmail:atmail"], "id": "ATMAIL_WEBMAIL_6_6_2.NASL", "href": "https://www.tenable.com/plugins/nessus/73621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73621);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_bugtraq_id(56285);\n\n script_name(english:\"Atmail Webmail < 6.6.2 Exim Buffer Overflow\");\n script_summary(english:\"Checks Atmail version number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the Atmail Webmail install on the remote\nhost is a version prior to 6.6.2. 
It is, therefore, potentially\naffected by an error in the included Exim component related to the\n'dkim_exim_query_dns_txt' function and DNS record parsing that could\nallow a buffer overflow and possibly arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.atmail.com/hc/en-us/categories/200214454-Changelog\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atmail Webmail 6.6.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atmail:atmail\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"atmail_webmail_detect.nasl\");\n script_require_keys(\"www/atmail_webmail\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\ninstall = get_install_from_kb(appname:'atmail_webmail', port:port, exit_on_fail:TRUE);\n\ndir = install['dir'];\ndisplay_version = install['ver'];\n# Get normalized version for check\nkb_dir = str_replace(string:dir, find:\"/\", replace:\"\\\");\nversion = get_kb_item_or_exit('www/'+port+'/atmail_webmail_normalized_ver/'+kb_dir+'/'+display_version);\ninstall_url = build_url(port:port, qs:dir);\n\nif (version == UNKNOWN_VER || isnull(version))\n audit(AUDIT_UNKNOWN_WEB_APP_VER, \"Atmail Webmail\", install_url);\n\nif (version !~ \"^6\\.\")\n audit(AUDIT_WEB_APP_NOT_INST, \"Atmail Webmail 6.x\", port);\n\nif (ver_compare(ver:version, fix:'6.6.2', strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version + ' ('+display_version+')' +\n '\\n Fixed version : 6.6.2\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"Atmail Webmail\", install_url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:09", "description": "This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-10-30T00:00:00", "title": "Fedora 17 : exim-4.76-9.fc17 (2012-17044)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2012-10-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:exim"], "id": "FEDORA_2012-17044.NASL", "href": "https://www.tenable.com/plugins/nessus/62754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17044.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62754);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_bugtraq_id(56146, 56285);\n script_xref(name:\"FEDORA\", value:\"2012-17044\");\n\n script_name(english:\"Fedora 17 : exim-4.76-9.fc17 (2012-17044)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870347\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e45159ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected exim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:exim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"exim-4.76-9.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:09", "description": "This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-11-09T00:00:00", "title": "Fedora 18 : exim-4.80.1-1.fc18 (2012-16899)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2012-11-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:exim"], "id": "FEDORA_2012-16899.NASL", "href": "https://www.tenable.com/plugins/nessus/62865", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-16899.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62865);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_xref(name:\"FEDORA\", value:\"2012-16899\");\n\n script_name(english:\"Fedora 18 : exim-4.80.1-1.fc18 (2012-16899)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870347\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?398e9bec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected exim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:exim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"exim-4.80.1-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:09", "description": "This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-10-31T00:00:00", "title": "Fedora 16 : exim-4.76-4.fc16.2 (2012-17085)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2012-10-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:exim", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-17085.NASL", "href": "https://www.tenable.com/plugins/nessus/62769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17085.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62769);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_bugtraq_id(56285);\n script_xref(name:\"FEDORA\", value:\"2012-17085\");\n\n script_name(english:\"Fedora 16 : exim-4.76-4.fc16.2 (2012-17085)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update protect DKIM DNS decoding from remote exploit,\nCVE-2012-5671.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870347\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc41ff6c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected exim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:exim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"exim-4.76-4.fc16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:39", "description": "It was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can yield to a heap-based buffer overflow. An attacker can\nexploit this flaw to execute arbitrary code.", "edition": 16, "published": "2012-10-29T00:00:00", "title": "Debian DSA-2566-1 : exim4 - heap-based buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2012-10-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:exim4"], "id": "DEBIAN_DSA-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/62721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2566. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62721);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5671\");\n script_xref(name:\"DSA\", value:\"2566\");\n\n script_name(english:\"Debian DSA-2566-1 : exim4 - heap-based buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can yield to a heap-based buffer overflow. An attacker can\nexploit this flaw to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/exim4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the exim4 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exim4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"exim4\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-base\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-config\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-daemon-heavy\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-daemon-heavy-dbg\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-daemon-light\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-daemon-light-dbg\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-dbg\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exim4-dev\", reference:\"4.72-6+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"eximon4\", reference:\"4.72-6+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:49:09", "description": "This vulnerability affects Exim 
instances built with DKIM enabled\n(this is the default for FreeBSD Exim port) and running verification\nof DKIM signatures on the incoming mail messages.\n\nPhil Penncock reports :\n\nThis is a SECURITY release, addressing a CRITICAL remote code\nexecution flaw in versions of Exim between 4.70 and 4.80 inclusive,\nwhen built with DKIM support (the default).\n\nThis security vulnerability can be exploited by anyone who can send\nemail from a domain for which they control the DNS.\n\nYou are not vulnerable if you built Exim with DISABLE_DKIM or if you\nput this at the start of an ACL plumbed into acl_smtp_connect or\nacl_smtp_rcpt : warn control = dkim_disable_verify", "edition": 21, "published": "2012-10-26T00:00:00", "title": "FreeBSD : Exim -- remote code execution (b0f3ab1f-1f3b-11e2-8fe9-0022156e8794)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5671"], "modified": "2012-10-26T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:exim"], "id": "FREEBSD_PKG_B0F3AB1F1F3B11E28FE90022156E8794.NASL", "href": "https://www.tenable.com/plugins/nessus/62706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5671\");\n\n script_name(english:\"FreeBSD : Exim -- remote code execution (b0f3ab1f-1f3b-11e2-8fe9-0022156e8794)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This vulnerability affects Exim instances built with DKIM enabled\n(this is the default for FreeBSD Exim port) and running verification\nof DKIM signatures on the incoming mail messages.\n\nPhil Penncock reports :\n\nThis is a SECURITY 
release, addressing a CRITICAL remote code\nexecution flaw in versions of Exim between 4.70 and 4.80 inclusive,\nwhen built with DKIM support (the default).\n\nThis security vulnerability can be exploited by anyone who can send\nemail from a domain for which they control the DNS.\n\nYou are not vulnerable if you built Exim with DISABLE_DKIM or if you\nput this at the start of an ACL plumbed into acl_smtp_connect or\nacl_smtp_rcpt : warn control = dkim_disable_verify\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html\"\n );\n # https://vuxml.freebsd.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88fadba2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:exim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"exim>=4.70<4.80.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:35:02", "description": "It was discovered that the Exim daemon did not correctly handle format\nstrings in DKIM headers. An unauthenticated remote attacker could send\nspecially crafted email to run arbitrary code as the Exim user. The\ndefault compiler options for affected releases reduces the\nvulnerability to a denial of service under most conditions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-13T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1130-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1764"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-custom", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light"], "id": "UBUNTU_USN-1130-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55091", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1130-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55091);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1764\");\n script_bugtraq_id(47736);\n script_xref(name:\"USN\", value:\"1130-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1130-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Exim daemon did not correctly handle format\nstrings in DKIM headers. An unauthenticated remote attacker could send\nspecially crafted email to run arbitrary code as the Exim user. 
The\ndefault compiler options for affected releases reduces the\nvulnerability to a denial of service under most conditions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1130-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected exim4-daemon-custom, exim4-daemon-heavy and / or\nexim4-daemon-light packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.71-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.71-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"exim4-daemon-light\", pkgver:\"4.71-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.72-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"exim4-daemon-heavy\", pkgver:\"4.72-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"exim4-daemon-light\", pkgver:\"4.72-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-custom\", pkgver:\"4.74-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-heavy\", 
pkgver:\"4.74-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"exim4-daemon-light\", pkgver:\"4.74-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exim4-daemon-custom / exim4-daemon-heavy / exim4-daemon-light\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:21", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "It was discovered that Exim incorrectly handled DKIM DNS decoding. This \nflaw could allow a remote attacker to execute arbitrary code.", "edition": 5, "modified": "2012-10-26T00:00:00", "published": "2012-10-26T00:00:00", "id": "USN-1618-1", "href": "https://ubuntu.com/security/notices/USN-1618-1", "title": "Exim vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:33:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1764"], "description": "It was discovered that the Exim daemon did not correctly handle format \nstrings in DKIM headers. An unauthenticated remote attacker could send \nspecially crafted email to run arbitrary code as the Exim user. 
The \ndefault compiler options for affected releases reduces the vulnerability \nto a denial of service under most conditions.", "edition": 5, "modified": "2011-05-10T00:00:00", "published": "2011-05-10T00:00:00", "id": "USN-1130-1", "href": "https://ubuntu.com/security/notices/USN-1130-1", "title": "Exim vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-5671"], "description": "Buffer overflow on DKIM handling", "edition": 1, "modified": "2012-10-28T00:00:00", "published": "2012-10-28T00:00:00", "id": "SECURITYVULNS:VULN:12666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12666", "title": "exim buffer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-5671"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2566-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nOctober 25, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : exim4\r\nVulnerability : heap-based buffer overflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-5671\r\n\r\nIt was discovered that Exim, a mail transport agent, is not properly\r\nhandling the decoding of DNS records for DKIM. Specifically, crafted\r\nrecords can yield to a heap-based buffer overflow. 
An attacker can\r\nexploit this flaw to execute arbitrary code.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 4.72-6+squeeze3.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 4.80-5.1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 4.80-5.1.\r\n\r\n\r\nWe recommend that you upgrade your exim4 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlCKYrgACgkQHYflSXNkfP+/nwCeIN7ZAsHG/zXm3DpBcI/5rrhY\r\n8hsAn3F0AzTH5wLvICpTM6InEny5vuCy\r\n=T8xi\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-10-28T00:00:00", "published": "2012-10-28T00:00:00", "id": "SECURITYVULNS:DOC:28679", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28679", "title": "[SECURITY] [DSA 2566-1] exim4 security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-1764"], "description": "Format string vulnerability on DKIM data obtained from DNS.", "edition": 1, "modified": "2011-05-08T00:00:00", "published": "2011-05-08T00:00:00", "id": "SECURITYVULNS:VULN:11655", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11655", "title": "exim format string vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-1764"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- 
-------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2232-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nMay 06, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : exim4\r\nVulnerability : format string vulnerability\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-1764\r\nDebian Bug : 624670\r\n\r\nIt was discovered that Exim, the default mail transport agent in\r\nDebian, uses DKIM data obtain from DNS directly in a format string,\r\npotentially allowing malicious mail senders to execute arbitrary code.\r\n(CVE-2011-1764)\r\n\r\nThe oldstable distribution (lenny) is not affected by this problem\r\nbecause it does not contain DKIM support.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 4.72-6+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 4.75-3.\r\n\r\nWe recommend that you upgrade your exim4 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n", "edition": 1, "modified": "2011-05-08T00:00:00", "published": "2011-05-08T00:00:00", "id": "SECURITYVULNS:DOC:26321", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:26321", "title": "[SECURITY] [DSA 2232-1] exim4 security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:18:56", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2566-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOctober 25, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : exim4\nVulnerability : heap-based buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5671\n\nIt was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can yield to a heap-based buffer overflow. An attacker can\nexploit this flaw to execute arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 4.80-5.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.80-5.1.\n\n\nWe recommend that you upgrade your exim4 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 7, "modified": "2012-10-26T10:16:10", "published": "2012-10-26T10:16:10", "id": "DEBIAN:DSA-2566-1:01A97", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00210.html", "title": "[SECURITY] [DSA 2566-1] exim4 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2020-11-11T13:21:43", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1764"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2232-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMay 06, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : exim4\nVulnerability : format string vulnerability\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1764\nDebian Bug : 624670\n\nIt was discovered that Exim, the default mail transport agent in\nDebian, uses DKIM data obtain from DNS directly in a format string,\npotentially allowing malicious mail senders to execute arbitrary code.\n(CVE-2011-1764)\n\nThe oldstable distribution (lenny) is not affected by this problem\nbecause it does not contain DKIM support.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.75-3.\n\nWe recommend that you upgrade your exim4 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-06T19:41:44", "published": "2011-05-06T19:41:44", "id": "DEBIAN:DSA-2232-1:EEBA9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00101.html", "title": "[SECURITY] [DSA 2232-1] exim4 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:27:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1764"], "description": "Andreas Metzler uploaded new packages for exim4 which fixed the\nfollowing security problems:\n\nCVE-2011-1764\n DKIM related format 
string vulnerability\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 4.72-6+squeeze1~bpo50+1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.75-3.\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n", "edition": 3, "modified": "2011-05-12T10:02:02", "published": "2011-05-12T10:02:02", "id": "DEBIAN:BSA-035:C1324", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201105/msg00001.html", "title": "[BSA-035] Security Update for exim4", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "\nThis vulnerability affects Exim instances built with DKIM\n\tenabled (this is the default for FreeBSD Exim port) and running\n\tverification of DKIM signatures on the incoming mail\n\tmessages.\nPhil Penncock reports:\n\nThis is a SECURITY release, addressing a CRITICAL remote\n\t code execution flaw in versions of Exim between 4.70 and\n\t 4.80 inclusive, when built with DKIM support (the default).\nThis security vulnerability can be exploited by anyone\n\t who can send email from a domain for which they control the\n\t DNS.\nYou are not vulnerable if you built Exim with DISABLE_DKIM\n\t or if you put this at the start of an ACL plumbed into\n\t acl_smtp_connect or acl_smtp_rcpt:\nwarn control = 
dkim_disable_verify\n\n", "edition": 4, "modified": "2012-10-25T00:00:00", "published": "2012-10-25T00:00:00", "id": "B0F3AB1F-1F3B-11E2-8FE9-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html", "title": "Exim -- remote code execution", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1407", "CVE-2011-1764"], "description": "\nRelease notes for Exim 4.76 says:\n\nBugzilla 1106: CVE-2011-1764 - DKIM log line was subject to\n\t a format-string attack -- SECURITY: remote arbitrary code\n\t execution.\nDKIM signature header parsing was double-expanded, second\n\t time unintentionally subject to list matching rules, letting\n\t the header cause arbitrary Exim lookups (of items which can\n\t occur in lists, *not* arbitrary string expansion). This\n\t allowed for information disclosure.\n\nAlso, impact assessment was redone shortly after the original\n\t announcement:\n\nFurther analysis revealed that the second security was\n\t more severe than I realised at the time that I wrote the\n\t announcement. The second security issue has been assigned\n\t CVE-2011-1407 and is also a remote code execution flaw.\n\t For clarity: both issues were introduced with 4.70.\n\n", "edition": 4, "modified": "2011-05-10T00:00:00", "published": "2011-05-10T00:00:00", "id": "36594C54-7BE7-11E0-9838-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/36594c54-7be7-11e0-9838-0022156e8794.html", "title": "Exim -- remote code execution and information disclosure", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. 
It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2012-10-31T02:56:41", "published": "2012-10-31T02:56:41", "id": "FEDORA:2C13C20AFC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: exim-4.76-4.fc16.2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2012-10-30T03:45:24", "published": "2012-10-30T03:45:24", "id": "FEDORA:1DCD120B4F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: exim-4.76-9.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5671"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. 
There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2012-11-08T06:34:59", "published": "2012-11-08T06:34:59", "id": "FEDORA:EA14D21D0C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: exim-4.80.1-1.fc18", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1407", "CVE-2011-1764"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2011-05-19T04:32:04", "published": "2011-05-19T04:32:04", "id": "FEDORA:135E6110BF7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: exim-4.76-2.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2023", "CVE-2011-1407", "CVE-2011-1764"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. 
Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2011-05-17T20:56:10", "published": "2011-05-17T20:56:10", "id": "FEDORA:93AA71108B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: exim-4.76-1.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2023", "CVE-2010-2024", "CVE-2011-1407", "CVE-2011-1764"], "description": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. ", "modified": "2011-05-17T20:57:49", "published": "2011-05-17T20:57:49", "id": "FEDORA:1C904110819", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: exim-4.76-1.fc13", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nmap": [{"lastseen": "2019-05-30T17:05:21", "description": "Checks for a format string vulnerability in the Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support (CVE-2011-1764). The DKIM logging mechanism did not use format string specifiers when logging some parts of the DKIM-Signature header field. A remote attacker who is able to send emails, can exploit this vulnerability and execute arbitrary code with the privileges of the Exim daemon. 
\n\nReference: \n\n * http://bugs.exim.org/show_bug.cgi?id=1106\n * http://thread.gmane.org/gmane.mail.exim.devel/4946\n * https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1764\n * http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail\n\n## Script Arguments \n\n#### smtp-vuln-cve2011-1764.mailto \n\nDefine the destination email address to be used.\n\n#### smtp-vuln-cve2011-1764.mailfrom \n\nDefine the source email address to be used.\n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 <host>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 25/tcp open smtp\n | smtp-vuln-cve2011-1764:\n | VULNERABLE:\n | Exim DKIM format string\n | State: VULNERABLE\n | IDs: CVE:CVE-2011-1764 BID:47736\n | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n | Description:\n | Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified\n | Mail (DKIM) support is vulnerable to a format string. 
A remote attacker\n | who is able to send emails, can exploit this vulnerability and execute\n | arbitrary code with the privileges of the Exim daemon.\n | Disclosure date: 2011-04-29\n | References:\n | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764\n | https://www.securityfocus.com/bid/47736\n |_ http://bugs.exim.org/show_bug.cgi?id=1106\n \n\n## Requires \n\n * shortport\n * smtp\n * stdnse\n * string\n * table\n * vulns\n\n* * *\n", "edition": 10, "published": "2011-07-18T10:21:01", "title": "smtp-vuln-cve2011-1764 NSE Script", "type": "nmap", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1764"], "modified": "2019-04-02T16:51:36", "id": "NMAP:SMTP-VULN-CVE2011-1764.NSE", "href": "https://nmap.org/nsedoc/scripts/smtp-vuln-cve2011-1764.html", "sourceData": "local shortport = require \"shortport\"\nlocal smtp = require \"smtp\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal table = require \"table\"\nlocal vulns = require \"vulns\"\n\ndescription = [[\nChecks for a format string vulnerability in the Exim SMTP server\n(version 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support\n(CVE-2011-1764). 
The DKIM logging mechanism did not use format string\nspecifiers when logging some parts of the DKIM-Signature header field.\nA remote attacker who is able to send emails, can exploit this vulnerability\nand execute arbitrary code with the privileges of the Exim daemon.\n\nReference:\n* http://bugs.exim.org/show_bug.cgi?id=1106\n* http://thread.gmane.org/gmane.mail.exim.devel/4946\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1764\n* http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail\n]]\n\n---\n-- @usage\n-- nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 <host>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 25/tcp open smtp\n-- | smtp-vuln-cve2011-1764:\n-- | VULNERABLE:\n-- | Exim DKIM format string\n-- | State: VULNERABLE\n-- | IDs: CVE:CVE-2011-1764 BID:47736\n-- | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n-- | Description:\n-- | Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified\n-- | Mail (DKIM) support is vulnerable to a format string. 
A remote attacker\n-- | who is able to send emails, can exploit this vulnerability and execute\n-- | arbitrary code with the privileges of the Exim daemon.\n-- | Disclosure date: 2011-04-29\n-- | References:\n-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764\n-- | https://www.securityfocus.com/bid/47736\n-- |_ http://bugs.exim.org/show_bug.cgi?id=1106\n--\n-- @args smtp-vuln-cve2011-1764.mailfrom Define the source email address to\n-- be used.\n-- @args smtp-vuln-cve2011-1764.mailto Define the destination email address\n-- to be used.\n\nauthor = \"Djalal Harouni\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"intrusive\", \"vuln\"}\n\n\nportrule = function (host, port)\n if port.version.product ~= nil and port.version.product ~= \"Exim smtpd\" then\n return false\n end\n return shortport.port_or_service({25, 465, 587},\n {\"smtp\", \"smtps\", \"submission\"})(host, port)\nend\n\nlocal function smtp_finish(socket, status, msg)\n if socket then\n socket:close()\n end\n return status, msg\nend\n\nlocal function get_exim_banner(response)\n local banner, version\n banner = response:match(\"%d+%s(.+)\")\n if banner and banner:match(\"Exim\") then\n version = tonumber(banner:match(\"Exim%s([0-9%.]+)\"))\n end\n return banner, version\nend\n\n-- Sends the mail with the evil DKIM-Signatures header.\n-- Returns true, true if the Exim server is vulnerable\nlocal function check_dkim(socket, smtp_opts)\n local killed = false\n\n stdnse.debug2(\"checking the Exim DKIM Format String\")\n\n local status, response = smtp.mail(socket, smtp_opts.mailfrom)\n if not status then\n return status, response\n end\n\n status, response = smtp.recipient(socket, smtp_opts.mailto)\n if not status then\n return status, response\n end\n\n status, response = smtp.datasend(socket)\n if not status then\n return status, response\n end\n\n local message = (\n string.format( \"MIME-Version: 1.0\\r\\nFrom: <%s>\\r\\nTo: <%s>\\r\\n\",\n 
smtp_opts.mailfrom, smtp_opts.mailto)\n ..\"Subject: Nmap Exim DKIM Format String check\\r\\n\"\n -- use a fake DKIM-Signature header.\n ..\"DKIM-Signature: v=1; a=%s%s%s%s;\"\n ..\" c=%s%s%s%s; q=dns/txt;\\r\\n\"\n ..\" d=%s%s%s%s; s=%s%s%s%s;\\r\\n\"\n ..\" h=mime-version:from:to:subject;\\r\\n\"\n ..\" bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;\\r\\n\"\n ..\" b=DyE0uKynaea3Y66zkrnMaBqtYPYVXhazCKGBiZKMNywclgbj0MkREPH3t2EWByev9g=\\r\\n\"\n )\n status, response = socket:send(message)\n if not status then\n return status, \"failed to send the message.\"\n end\n\n status, response = smtp.query(socket, \".\")\n if not status then\n if string.match(response, \"connection closed\") then\n stdnse.debug2(\"Exim server is vulnerable to DKIM Format String\")\n killed = true\n else\n return status, \"failed to terminate the message, seems NOT VULNERABLE\"\n end\n end\n\n return true, killed\nend\n\n-- Checks if the Exim server is vulnerable to CVE-2011-1764\nlocal function check_exim(smtp_opts)\n local smtp_server = {}\n local exim_ver_min, exim_ver_max = 4.70, 4.75\n\n local socket, ret = smtp.connect(smtp_opts.host,\n smtp_opts.port,\n {ssl = true,\n timeout = 10000,\n recv_before = true,\n lines = 1})\n\n if not socket then\n return smtp_finish(nil, socket, ret)\n end\n\n smtp_server.banner, smtp_server.version = get_exim_banner(ret)\n if not smtp_server.banner then\n return smtp_finish(socket, false,\n 'failed to read the SMTP banner.')\n elseif not smtp_server.banner:match(\"Exim\") then\n return smtp_finish(socket, false,\n 'not a Exim server: NOT VULNERABLE')\n end\n\n local vuln = smtp_opts.vuln\n vuln.extra_info = {}\n if smtp_server.version then\n if smtp_server.version <= exim_ver_max and\n smtp_server.version >= exim_ver_min then\n vuln.state = vulns.STATE.LIKELY_VULN\n table.insert(vuln.extra_info,\n string.format(\"Exim version: %.02f\", smtp_server.version))\n else\n vuln.state = vulns.STATE.NOT_VULN\n return smtp_finish(socket, true)\n end\n end\n\n 
local status, response = smtp.ehlo(socket, smtp_opts.domain)\n if not status then\n return smtp_finish(socket, status, response)\n end\n\n -- set the appropriate 'MAIL FROM' and 'RCPT TO' values\n if not smtp_opts.mailfrom then\n smtp_opts.mailfrom = string.format(\"root@%s\", smtp_opts.domain)\n end\n if not smtp_opts.mailto then\n smtp_opts.mailto = string.format(\"postmaster@%s\",\n smtp_opts.host.targetname and\n smtp_opts.host.targetname or 'localhost')\n end\n\n status, ret = check_dkim(socket, smtp_opts)\n if not status then\n return smtp_finish(socket, status, ret)\n elseif ret then\n vuln.state = vulns.STATE.VULN\n elseif not vuln.state then\n vuln.state = vulns.STATE.NOT_VULN\n end\n\n return smtp_finish(socket, true)\nend\n\naction = function(host, port)\n local smtp_opts = {\n host = host,\n port = port,\n domain = stdnse.get_script_args('smtp.domain') or\n 'nmap.scanme.org',\n mailfrom = stdnse.get_script_args('smtp-vuln-cve2011-1764.mailfrom'),\n mailto = stdnse.get_script_args('smtp-vuln-cve2011-1764.mailto'),\n vuln = {\n title = 'Exim DKIM format string',\n IDS = {CVE = 'CVE-2011-1764', BID = '47736'},\n risk_factor = \"High\",\n scores = {\n CVSSv2 = \"7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)\",\n },\n description = [[\nExim SMTP server (version 4.70 through 4.75) with DomainKeys Identified\nMail (DKIM) support is vulnerable to a format string. 
A remote attacker\nwho is able to send emails, can exploit this vulnerability and execute\narbitrary code with the privileges of the Exim daemon.]],\n references = {\n 'http://bugs.exim.org/show_bug.cgi?id=1106',\n },\n dates = {\n disclosure = {year = '2011', month = '04', day = '29'},\n },\n },\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n local status, err = check_exim(smtp_opts)\n if not status then\n stdnse.debug1(\"%s\", err)\n return nil\n end\n return report:make_output(smtp_opts.vuln)\nend\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0017", "CVE-2011-1407", "CVE-2010-4344", "CVE-2012-5671", "CVE-2010-4345", "CVE-2010-2024", "CVE-2010-2023", "CVE-2011-1764"], "edition": 1, "description": "### Background\n\nExim is a highly configurable, drop-in replacement for sendmail.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with root privileges, or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Exim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-mta/exim-4.80.1\"", "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "GLSA-201401-32", "href": "https://security.gentoo.org/glsa/201401-32", "type": "gentoo", "title": "Exim: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kitploit": [{"lastseen": "2020-12-08T23:27:41", "bulletinFamily": "tools", "cvelist": ["CVE-2017-9798", "CVE-2018-2893", "CVE-2012-1675", "CVE-2011-1720", "CVE-2017-7494", "CVE-2017-3248", "CVE-2017-5638", "CVE-2017-10271", "CVE-2018-11776", "CVE-2010-4344", "CVE-2017-9805", "CVE-2014-6271", "CVE-2015-0240", "CVE-2016-8735", "CVE-2017-12617", "CVE-2011-1764", "CVE-2012-2122", "CVE-2015-4852"], "description": "[  ](<https://2.bp.blogspot.com/-b-yEHDNsbTk/XEN8U7E8E2I/AAAAAAAAN8A/cGC9Z8NjoSUkGMyEFR9xJYU2XISstK8EgCLcBGAs/s1600/jok3r_1_logo.png>)\n\n \n_ Jok3r _ is a Python3 CLI application which is aimed at ** helping penetration testers for network infrastructure and web black-box security tests ** . \nIts main goal is to ** save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff ** . \nTo achieve that, it ** combines open-source Hacking tools to run various security checks against all common network services. ** \n** \n** [ ](<https://draft.blogger.com/null>) \n** Main features ** \n** Toolbox management ** : \n\n\n * Install automatically all the hacking tools used by _ Jok3r _ , \n * Keep the toolbox up-to-date, \n * Easily add new tools. 
\n** Attack automation ** : \n\n\n * Target most common network services (including web), \n * Run security checks by chaining hacking tools, following standard process (Reconnaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation). \n * Let _ Jok3r _ automatically choose the checks to run according to the context and knowledge about the target, \n** Mission management / Local database ** : \n\n\n * Organize targets by missions in local database, \n * Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db), \n * Access results from security checks. \n_ Jok3r _ has been built with the ambition to be easily and quickly customizable: Tools, security checks, supported network services... can be easily added/edited/removed by editing settings files with an easy-to-understand syntax. \n \n** Installation ** \n** The recommended way to use Jok3r is inside a Docker container so you will not have to worry about dependency issues and installing the various hacking tools of the toolbox. ** \n \nA Docker image is available on Docker Hub and automatically rebuilt at each update: [ https://hub.docker.com/r/koutto/jok3r/ ](<https://hub.docker.com/r/koutto/jok3r/>) . It is initially based on the official Kali Linux Docker image (kalilinux/kali-linux-docker). \n \n** Pull Jok3r Docker Image: ** \n\n \n \n sudo docker pull koutto/jok3r\n\n** Run fresh Docker container: ** \n\n \n \n sudo docker run -i -t --name jok3r-container -w /root/jok3r --net=host koutto/jok3r\n\n** Important: --net=host option is required to share host's interface. It is needed for reverse connections (e.g. Ping to container when testing for RCE, Get a reverse shell) ** \nJok3r and its toolbox are ready to use! 
\n\n\n * To re-run a stopped container: \n \n \n sudo docker start -i jok3r-container\n\n * To open multiple shells inside the container: \n \n \n sudo docker exec -it jok3r-container bash\n\nFor information about building your own Docker image or installing _ Jok3r _ on your system without using Docker, refer to [ https://jok3r.readthedocs.io/en/latest/installation.html ](<https://jok3r.readthedocs.io/en/latest/installation.html>) \n \n** Quick usage examples ** \n** Show all the tools in the toolbox ** \n\n \n \n python3 jok3r.py toolbox --show-all\n\n** Install all the tools in the toolbox ** \n\n \n \n python3 jok3r.py toolbox --install-all --fast\n\n** Update all the tools in the toolbox ** \n\n \n \n python3 jok3r.py toolbox --update-all --fast\n\n** List supported services ** \n\n \n \n python3 jok3r.py info --services\n\n** Show security checks for HTTP ** \n\n \n \n python3 jok3r.py info --checks http\n\n** Create a new mission in local database ** \n\n \n \n python3 jok3r.py db\n \n jok3rdb[default]> mission -a MayhemProject\n \n [+] Mission \"MayhemProject\" successfully added\n [*] Selected mission is now MayhemProject\n \n jok3rdb[MayhemProject]>\n\n** Run security checks against a URL and add results to the mission ** \n\n \n \n python3 jok3r.py attack -t https://www.example.com/webapp/ --add MayhemProject\n\n** Run security checks against an MSSQL service (without user-interaction) and add results to the mission ** \n\n \n \n python3 jok3r.py attack -t 192.168.1.42:1433 -s mssql --add MayhemProject --fast\n\n** Import hosts/services from Nmap results into the mission scope ** \n\n \n \n python3 jok3r.py db\n \n jok3rdb[default]> mission MayhemProject\n \n [*] Selected mission is now MayhemProject\n \n jok3rdb[MayhemProject]> nmap results.xml\n\n** Run security checks against all services in the given mission and store results in the database ** \n\n \n \n python3 jok3r.py attack -m MayhemProject --fast\n\n** 
Run security checks against only FTP services running on ports 21/tcp and 2121/tcp from the mission ** \n\n \n \n python3 jok3r.py attack -m MayhemProject -f \"port=21,2121;service=ftp\" --fast\n\n** Run security checks against only FTP services running on ports 2121/tcp and all HTTP services on 192.168.1.42 from the mission ** \n\n \n \n python3 jok3r.py attack -m MayhemProject -f \"port=2121;service=ftp\" -f \"ip=192.168.1.42;service=http\"\n\n** Typical usage example ** \nYou begin a pentest with several servers in the scope. Here is a typical example of usage of _ Jok3r _ : \n\n\n 1. You run an _ Nmap _ scan on the servers in the scope. \n 2. You create a new mission (let's say \"MayhemProject\") in the local database: \n \n \n python3 jok3r.py db\n \n jok3rdb[default]> mission -a MayhemProject\n \n [+] Mission \"MayhemProject\" successfully added\n [*] Selected mission is now MayhemProject\n \n jok3rdb[MayhemProject]>\n\n 3. You import the results of your _ Nmap _ scan into the database: \n \n \n jok3rdb[MayhemProject]> nmap results.xml\n\n 4. You can then have a quick overview of all services and hosts in the scope, add some comments, add some credentials if you already have some knowledge about the targets (grey box pentest), and so on \n \n \n jok3rdb[MayhemProject]> hosts\n \n [...]\n \n jok3rdb[MayhemProject]> services\n \n [...]\n\n 5. Now, you can run security checks against some targets in the scope. For example, if you want to run checks against all Java-RMI services in the scope, you can run the following command: \n \n \n python3 jok3r.py attack -m MayhemProject -f \"service=java-rmi\" --fast\n\n 6. 
You can view the results from the security checks either live while the tools are executed or later from the database using the following command: \n \n \n jok3rdb[MayhemProject]> results\n\n** Full Documentation ** \nDocumentation is available at: [ https://jok3r.readthedocs.io/ ](<https://jok3r.readthedocs.io/>) \n \n** Supported Services & Security Checks ** \n** Lots of checks remain to be implemented and services must be added !! Work in progress ... ** \n\n\n * [ AJP (default 8009/tcp) ](<https://github.com/koutto/jok3r#ajp-default-8009-tcp>)\n * [ FTP (default 21/tcp) ](<https://github.com/koutto/jok3r#ftp-default-21-tcp>)\n * [ HTTP (default 80/tcp) ](<https://github.com/koutto/jok3r#http-default-80-tcp>)\n * [ Java-RMI (default 1099/tcp) ](<https://github.com/koutto/jok3r#java-rmi-default-1099-tcp>)\n * [ JDWP (default 9000/tcp) ](<https://github.com/koutto/jok3r#jdwp-default-9000-tcp>)\n * [ MSSQL (default 1433/tcp) ](<https://github.com/koutto/jok3r#mssql-default-1433-tcp>)\n * [ MySQL (default 3306/tcp) ](<https://github.com/koutto/jok3r#mysql-default-3306-tcp>)\n * [ Oracle (default 1521/tcp) ](<https://github.com/koutto/jok3r#oracle-default-1521-tcp>)\n * [ PostgreSQL (default 5432/tcp) ](<https://github.com/koutto/jok3r#postgresql-default-5432-tcp>)\n * [ RDP (default 3389/tcp) ](<https://github.com/koutto/jok3r#rdp-default-3389-tcp>)\n * [ SMB (default 445/tcp) ](<https://github.com/koutto/jok3r#smb-default-445-tcp>)\n * [ SMTP (default 25/tcp) ](<https://github.com/koutto/jok3r#smtp-default-25-tcp>)\n * [ SNMP (default 161/udp) ](<https://github.com/koutto/jok3r#snmp-default-161-udp>)\n * [ SSH (default 22/tcp) ](<https://github.com/koutto/jok3r#ssh-default-22-tcp>)\n * [ Telnet (default 21/tcp) ](<https://github.com/koutto/jok3r#telnet-default-21-tcp>)\n * [ VNC (default 5900/tcp) ](<https://github.com/koutto/jok3r#vnc-default-5900-tcp>)\n\n \n\n\n[ 
](<https://draft.blogger.com/null>) \n** AJP (default 8009/tcp) ** \n\n \n \n +------------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | Name | Category | Description | Tool used |\n +------------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | nmap-recon | recon | Recon using Nmap AJP scripts | nmap |\n | tomcat-version | recon | Fingerprint Tomcat version through AJP | ajpy |\n | vuln-lookup | vulnscan | Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positive !) | vuln-databases |\n | default-creds-tomcat | bruteforce | Check [default credentials](<https://www.kitploit.com/search/label/Default%20Credentials>) for Tomcat Application Manager | ajpy |\n | deploy-webshell-tomcat | exploit | Deploy a webshell on Tomcat through AJP | ajpy |\n +------------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n\n[ ](<https://draft.blogger.com/null>) \n** FTP (default 21/tcp) ** \n\n \n \n +------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | Name | Category | Description | Tool used |\n +------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | nmap-recon | recon | Recon using Nmap FTP scripts | nmap |\n | nmap-vuln-lookup | vulnscan | Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positive !) 
| vuln-databases |\n | ftpmap-scan | vulnscan | Identify FTP server soft/version and check for known vulns | ftpmap |\n | common-creds | bruteforce | Check common credentials on FTP server | patator |\n | bruteforce-creds | bruteforce | Bruteforce FTP accounts | patator |\n +------------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n\n[ ](<https://draft.blogger.com/null>) \n** HTTP (default 80/tcp) ** \n\n \n \n +--------------------------------------+-------------+--------------------------------------------------------------------------------------------------+--------------------------------+\n | Name | Category | Description | Tool used |\n +--------------------------------------+-------------+--------------------------------------------------------------------------------------------------+--------------------------------+\n | nmap-recon | recon | Recon using Nmap HTTP scripts | nmap |\n | load-balancing-detection | recon | HTTP load balancer detection | halberd |\n | waf-detection | recon | Identify and fingerprint WAF products protecting website | wafw00f |\n | tls-probing | recon | Identify the implementation in use by SSL/TLS servers (might allow server fingerprinting) | tls-prober |\n | fingerprinting-multi-whatweb | recon | Identify CMS, blogging platforms, JS libraries, Web servers | whatweb |\n | fingerprinting-app-server | recon | Fingerprint application server (JBoss, ColdFusion, Weblogic, Tomcat, Railo, Axis2, Glassfish) | clusterd |\n | fingerprinting-server-domino | recon | Fingerprint IBM/Lotus Domino server | domiowned |\n | fingerprinting-cms-wig | recon | Identify several CMS and other administrative applications | wig |\n | fingerprinting-cms-cmseek | recon | Detect CMS (130+ supported), detect version on Drupal, advanced scan on Wordpress/Joomla | cmseek |\n | fingerprinting-cms-fingerprinter | recon | Fingerprint precisely CMS versions (based on files 
checksums) | fingerprinter |\n | fingerprinting-cms-cmsexplorer | recon | Find plugins and themes (using bruteforce) installed in a CMS (Wordpress, Drupal, Joomla, Mambo) | cmsexplorer |\n | fingerprinting-drupal | recon | Fingerprint Drupal 7/8: users, nodes, default files, modules, themes enumeration | drupwn |\n | crawling-fast | recon | Crawl website quickly, analyze interesting files/directories | dirhunt |\n | crawling-fast2 | recon | Crawl website and extract URLs, files, intel & endpoints | photon |\n | vuln-lookup | vulnscan | Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positive !) | vuln-databases |\n | ssl-check | vulnscan | Check for SSL/TLS configuration | testssl |\n | vulnscan-multi-nikto | vulnscan | Check for multiple web vulnerabilities/misconfigurations | nikto |\n | default-creds-web-multi | vulnscan | Check for default credentials on various web interfaces | changeme |\n | webdav-scan-davscan | vulnscan | Scan HTTP WebDAV | davscan |\n | webdav-scan-msf | vulnscan | Scan HTTP WebDAV | metasploit |\n | webdav-internal-ip-disclosure | vulnscan | Check for WebDAV internal IP disclosure | metasploit |\n | webdav-website-content | vulnscan | Detect webservers disclosing its content through WebDAV | metasploit |\n | http-put-check | vulnscan | Detect the support of dangerous HTTP PUT method | metasploit |\n | apache-optionsbleed-check | vulnscan | Test for the Optionsbleed bug in Apache httpd (CVE-2017-9798) | optionsbleed |\n | shellshock-scan | vulnscan | Detect if web server is vulnerable to Shellshock (CVE-2014-6271) | shocker |\n | iis-shortname-scan | vulnscan | Scan for IIS short filename (8.3) disclosure vulnerability | iis-shortname-scanner |\n | iis-internal-ip-disclosure | vulnscan | Check for IIS internal IP disclosure | metasploit |\n | tomcat-user-enum | vulnscan | Enumerate users on Tomcat 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18 | metasploit |\n | jboss-vulnscan-multi | vulnscan | Scan 
JBoss application server for multiple vulnerabilities | metasploit |\n | jboss-status-infoleak | vulnscan | Queries JBoss status servlet to collect [sensitive information](<https://www.kitploit.com/search/label/Sensitive%20Information>) (JBoss 4.0, 4.2.2 and 4.2.3) | metasploit |\n | jenkins-infoleak | vulnscan | Enumerate a remote Jenkins-CI installation in an unauthenticated manner | metasploit |\n | cms-multi-vulnscan-cmsmap | vulnscan | Check for vulnerabilities in CMS Wordpress, Drupal, Joomla | cmsmap |\n | wordpress-vulscan | vulnscan | Scan for vulnerabilities in CMS Wordpress | wpscan |\n | wordpress-vulscan2 | vulnscan | Scan for vulnerabilities in CMS Wordpress | wpseku |\n | joomla-vulnscan | vulnscan | Scan for vulnerabilities in CMS Joomla | joomscan |\n | joomla-vulnscan2 | vulnscan | Scan for vulnerabilities in CMS Joomla | joomlascan |\n | joomla-vulnscan3 | vulnscan | Scan for vulnerabilities in CMS Joomla | joomlavs |\n | drupal-vulnscan | vulnscan | Scan for vulnerabilities in CMS Drupal | droopescan |\n | magento-vulnscan | vulnscan | Check for misconfigurations in CMS Magento | magescan |\n | silverstripe-vulnscan | vulnscan | Scan for vulnerabilities in CMS Silverstripe | droopescan |\n | vbulletin-vulnscan | vulnscan | Scan for vulnerabilities in CMS vBulletin | vbscan |\n | liferay-vulnscan | vulnscan | Scan for vulnerabilities in CMS Liferay | liferayscan |\n | angularjs-csti-scan | vulnscan | Scan for AngularJS Client-Side Template Injection | angularjs-csti-scanner |\n | jboss-deploy-shell | exploit | Try to deploy shell on JBoss server (jmx|web|admin-console, JMXInvokerServlet) | jexboss |\n | struts2-rce-cve2017-5638 | exploit | Exploit Apache Struts2 Jakarta Multipart parser RCE (CVE-2017-5638) | jexboss |\n | struts2-rce-cve2017-9805 | exploit | Exploit Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805) | struts-pwn-cve2017-9805 |\n | struts2-rce-cve2018-11776 | exploit | Exploit Apache Struts2 
[misconfiguration](<https://www.kitploit.com/search/label/Misconfiguration>) RCE (CVE-2018-11776) | struts-pwn-cve2018-11776 |\n | tomcat-rce-cve2017-12617 | exploit | Exploit for Apache Tomcat JSP Upload Bypass RCE (CVE-2017-12617) | exploit-tomcat-cve2017-12617 |\n | jenkins-cliport-deserialize | exploit | Exploit Java deserialization in Jenkins CLI port | jexboss |\n | weblogic-t3-deserialize-cve2015-4852 | exploit | Exploit Java deserialization in Weblogic T3(s) (CVE-2015-4852) | loubia |\n | weblogic-t3-deserialize-cve2017-3248 | exploit | Exploit Java deserialization in Weblogic T3(s) (CVE-2017-3248) | exploit-weblogic-cve2017-3248 |\n | weblogic-t3-deserialize-cve2018-2893 | exploit | Exploit Java deserialization in Weblogic T3(s) (CVE-2018-2893) | exploit-weblogic-cve2018-2893 |\n | weblogic-wls-wsat-cve2017-10271 | exploit | Exploit WLS-WSAT in Weblogic - CVE-2017-10271 | exploit-weblogic-cve2017-10271 |\n | drupal-cve-exploit | exploit | Check and exploit CVEs in CMS Drupal 7/8 (include Drupalgeddon2) (require user interaction) | drupwn |\n | bruteforce-domino | bruteforce | Bruteforce against IBM/Lotus Domino server | domiowned |\n | bruteforce-wordpress | bruteforce | Bruteforce Wordpress accounts | wpseku |\n | bruteforce-joomla | bruteforce | Bruteforce Joomla account | xbruteforcer |\n | bruteforce-drupal | bruteforce | Bruteforce Drupal account | xbruteforcer |\n | bruteforce-opencart | bruteforce | Bruteforce Opencart account | xbruteforcer |\n | bruteforce-magento | bruteforce | Bruteforce Magento account | xbruteforcer |\n | web-path-bruteforce-targeted | bruteforce | Bruteforce web paths when language is known (extensions adapted) (use raft wordlist) | dirsearch |\n | web-path-bruteforce-blind | bruteforce | Bruteforce web paths when language is unknown (use raft wordlist) | wfuzz |\n | web-path-bruteforce-opendoor | bruteforce | Bruteforce web paths using OWASP OpenDoor wordlist | wfuzz |\n | wordpress-shell-upload | postexploit | Upload shell 
on Wordpress if admin credentials are known | wpforce |\n +--------------------------------------+-------------+--------------------------------------------------------------------------------------------------+--------------------------------+\n\n[ ](<https://draft.blogger.com/null>) \n** Java-RMI (default 1099/tcp) ** \n\n \n \n +--------------------------------+-------------+--------------------------------------------------------------------------------------------------------+----------------+\n | Name | Category | Description | Tool used |\n +--------------------------------+-------------+--------------------------------------------------------------------------------------------------------+----------------+\n | nmap-recon | recon | Attempt to dump all objects from Java-RMI service | nmap |\n | rmi-enum | recon | Enumerate RMI services | barmie |\n | jmx-info | recon | Get information about JMX and the MBean server | twiddle |\n | vuln-lookup | vulnscan | Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positive !) | vuln-databases |\n | jmx-bruteforce | bruteforce | Bruteforce creds to connect to JMX registry | jmxbf |\n | exploit-rmi-default-config | exploit | Exploit default config in RMI Registry to load classes from any remote URL (not working against JMX) | metasploit |\n | exploit-jmx-insecure-config | exploit | Exploit JMX insecure config. Auth disabled: should be vuln. Auth enabled: vuln if weak config | metasploit |\n | jmx-auth-disabled-deploy-class | exploit | Deploy malicious MBean on JMX service with auth disabled (alternative to msf module) | sjet |\n | tomcat-jmxrmi-deserialize | exploit | Exploit Java-RMI deserialize in Tomcat (CVE-2016-8735, CVE-2016-8735), req. 
JmxRemoteLifecycleListener | jexboss |\n | rmi-deserialize-all-payloads | exploit | Attempt to exploit Java deserialize against Java RMI Registry with all ysoserial payloads | ysoserial |\n | tomcat-jmxrmi-manager-creds | postexploit | Retrieve Manager creds on Tomcat JMX (req. auth disabled or creds known on JMX) | jmxploit |\n +--------------------------------+-------------+--------------------------------------------------------------------------------------------------------+----------------+\n\n[ ](<https://draft.blogger.com/null>) \n** JDWP (default 9000/tcp) ** \n\n \n \n +------------+----------+-----------------------------------------------------+-----------------+\n | Name | Category | Description | Tool used |\n +------------+----------+-----------------------------------------------------+-----------------+\n | nmap-recon | recon | Recon using Nmap JDWP scripts | nmap |\n | jdwp-rce | exploit | Gain RCE on JDWP service (show OS/Java info as PoC) | jdwp-shellifier |\n +------------+----------+-----------------------------------------------------+-----------------+\n\n[ ](<https://draft.blogger.com/null>) \n** MSSQL (default 1433/tcp) ** \n\n \n \n +-----------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n | Name | Category | Description | Tool used |\n +-----------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n | nmap-recon | recon | Recon using Nmap MSSQL scripts | nmap |\n | mssqlinfo | recon | Get technical information about a remote MSSQL server (use TDS protocol and SQL browser Server) | msdat |\n | common-creds | bruteforce | Check common/default credentials on MSSQL server | msdat |\n | bruteforce-sa-account | bruteforce | Bruteforce MSSQL \"sa\" account | msdat |\n | audit-mssql-postauth | postexploit | Check permissive privileges, 
methods allowing command execution, weak accounts after authenticating on MSSQL | msdat |\n +-----------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n\n** MySQL (default 3306/tcp) ** \n\n \n \n +----------------------------------+-------------+-------------------------------------------------------------------------+---------------+\n | Name | Category | Description | Tool used |\n +----------------------------------+-------------+-------------------------------------------------------------------------+---------------+\n | nmap-recon | recon | Recon using Nmap MySQL scripts | nmap |\n | mysql-auth-bypass-cve2012-2122 | exploit | Exploit password bypass vulnerability in MySQL - CVE-2012-2122 | metasploit |\n | default-creds | bruteforce | Check default credentials on MySQL server | patator |\n | mysql-hashdump | postexploit | Retrieve usernames and password hashes from MySQL database (req. 
creds) | metasploit |\n | mysql-interesting-tables-columns | postexploit | Search for interesting tables and columns in database | jok3r-scripts |\n +----------------------------------+-------------+-------------------------------------------------------------------------+---------------+\n\n** Oracle (default 1521/tcp) ** \n\n \n \n +--------------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n | Name | Category | Description | Tool used |\n +--------------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n | tnscmd | recon | Connect to TNS Listener and issue commands Ping, Status, Version | odat |\n | tnspoisoning | vulnscan | Test if TNS Listener is vulnerable to TNS Poisoning (CVE-2012-1675) | odat |\n | common-creds | bruteforce | Check common/default credentials on Oracle server | odat |\n | bruteforce-creds | bruteforce | Bruteforce Oracle accounts (might block some accounts!) 
| odat |\n | audit-oracle-postauth | postexploit | Check for privesc vectors, config leading to command execution, weak accounts after authenticating on Oracle | odat |\n | search-columns-passwords | postexploit | Search for columns storing passwords in the database | odat |\n +--------------------------+-------------+--------------------------------------------------------------------------------------------------------------+-----------+\n\n** PostgreSQL (default 5432/tcp) ** \n\n \n \n +---------------+------------+------------------------------------------------+-----------+\n | Name | Category | Description | Tool used |\n +---------------+------------+------------------------------------------------+-----------+\n | default-creds | bruteforce | Check default credentials on PostgreSQL server | patator |\n +---------------+------------+------------------------------------------------+-----------+\n\n** RDP (default 3389/tcp) ** \n\n \n \n +----------+----------+-----------------------------------------------------------------------+------------+\n | Name | Category | Description | Tool used |\n +----------+----------+-----------------------------------------------------------------------+------------+\n | ms12-020 | vulnscan | Check for MS12-020 RCE vulnerability (any Windows before 13 Mar 2012) | metasploit |\n +----------+----------+-----------------------------------------------------------------------+------------+\n\n** SMB (default 445/tcp) ** \n\n \n \n +-----------------------------------+-------------+-------------------------------------------------------------------------------+------------+\n | Name | Category | Description | Tool used |\n +-----------------------------------+-------------+-------------------------------------------------------------------------------+------------+\n | nmap-recon | recon | Recon using Nmap SMB 
scripts | nmap |\n | anonymous-enum-smb | recon | Attempt to perform enum (users, shares...) without account | nullinux |\n | nmap-vulnscan | vulnscan | Check for vulns in SMB (MS17-010, MS10-061, MS10-054, MS08-067...) using Nmap | nmap |\n | detect-ms17-010 | vulnscan | Detect MS17-010 SMB RCE | metasploit |\n | samba-rce-cve2015-0240 | vulnscan | Detect RCE vuln (CVE-2015-0240) in Samba 3.5.x and 3.6.X | metasploit |\n | exploit-rce-ms08-067 | exploit | Exploit for RCE vuln MS08-067 on SMB | metasploit |\n | exploit-rce-ms17-010-eternalblue | exploit | Exploit for RCE vuln MS17-010 EternalBlue on SMB | metasploit |\n | exploit-sambacry-rce-cve2017-7494 | exploit | Exploit for SambaCry RCE on Samba <= 4.5.9 (CVE-2017-7494) | metasploit |\n | auth-enum-smb | postexploit | Authenticated enumeration (users, groups, shares) on SMB | nullinux |\n | auth-shares-perm | postexploit | Get R/W permissions on SMB shares | smbmap |\n | smb-exec | postexploit | Attempt to get a remote shell (psexec-like, requires Administrator creds) | impacket |\n +-----------------------------------+-------------+-------------------------------------------------------------------------------+------------+\n\n** SMTP (default 25/tcp) ** \n\n \n \n +----------------+----------+--------------------------------------------------------------------------------------------+----------------+\n | Name | Category | Description | Tool used |\n +----------------+----------+--------------------------------------------------------------------------------------------+----------------+\n | smtp-cve | vulnscan | Scan for vulnerabilities (CVE-2010-4344, CVE-2011-1720, CVE-2011-1764, open-relay) on SMTP | nmap |\n | smtp-user-enum | vulnscan | Attempt to perform user enumeration via SMTP commands EXPN, VRFY and RCPT TO | smtp-user-enum |\n 
+----------------+----------+--------------------------------------------------------------------------------------------+----------------+\n\n** SNMP (default 161/udp) ** \n\n \n \n +--------------------------+-------------+---------------------------------------------------------------------+------------+\n | Name | Category | Description | Tool used |\n +--------------------------+-------------+---------------------------------------------------------------------+------------+\n | common-community-strings | bruteforce | Check common community strings on SNMP server | metasploit |\n | snmpv3-bruteforce-creds | bruteforce | Bruteforce SNMPv3 credentials | snmpwn |\n | enumerate-info | postexploit | Enumerate information provided by SNMP (and check for write access) | snmp-check |\n +--------------------------+-------------+---------------------------------------------------------------------+------------+\n\n** SSH (default 22/tcp) ** \n\n \n \n +--------------------------------+------------+--------------------------------------------------------------------------------------------+-----------+\n | Name | Category | Description | Tool used |\n +--------------------------------+------------+--------------------------------------------------------------------------------------------+-----------+\n | vulns-algos-scan | vulnscan | Scan supported algorithms and security info on SSH server | ssh-audit |\n | user-enumeration-timing-attack | exploit | Try to perform OpenSSH (versions <= 7.2 and >= 5.*) user enumeration timing attack | osueta |\n | default-ssh-key | bruteforce | Try to authenticate on SSH server using known SSH keys | changeme |\n | default-creds | bruteforce | Check default credentials on SSH | patator |\n +--------------------------------+------------+--------------------------------------------------------------------------------------------+-----------+\n\n
** Telnet (default 21/tcp) ** \n\n \n \n +-------------------------+------------+----------------------------------------------------------------------------------+-----------+\n | Name | Category | Description | Tool used |\n +-------------------------+------------+----------------------------------------------------------------------------------+-----------+\n | nmap-recon | recon | Recon using Nmap Telnet scripts | nmap |\n | default-creds | bruteforce | Check default credentials on Telnet (dictionary from https://cirt.net/passwords) | patator |\n | bruteforce-root-account | bruteforce | Bruteforce \"root\" account on Telnet | patator |\n +-------------------------+------------+----------------------------------------------------------------------------------+-----------+\n\n** VNC (default 5900/tcp) ** \n\n \n \n +-----------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | Name | Category | Description | Tool used |\n +-----------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n | nmap-recon | recon | Recon using Nmap VNC scripts | nmap |\n | vuln-lookup | vulnscan | Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positives!) 
| vuln-databases |\n | bruteforce-pass | bruteforce | Bruteforce VNC password | patator |\n +-----------------+------------+-------------------------------------------------------------------------------------------------+----------------+\n\n \n \n\n\n** [ Download Jok3R ](<https://github.com/koutto/jok3r>) **\n", "edition": 20, "modified": "2019-01-23T12:25:12", "published": "2019-01-23T12:25:12", "id": "KITPLOIT:5052987141331551837", "href": "http://www.kitploit.com/2019/01/jok3r-network-and-web-pentest-framework.html", "title": "Jok3R - Network And Web Pentest Framework", "type": "kitploit", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}