Published: 20/09/2001 Updated: 10/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote malicious user to execute arbitrary code via format strings in SMTP mail headers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
conectiva linux
university of cambridge exim
redhat linux
debian debian linux 4.0

Megyer Laszlo found a printf format bug in the exim mail transfer agent The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks It's only exploitable locally with the -bS switch (in batched SMTP mode) This problem has been fixed in version 312-101 Since that code is not turned o ...

source: wwwsecurityfocuscom/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems Exim is vulnerable to a locally exploitable format string attack which may compromise root access The vulnerability exists only when the 'syntax checking' mode is turned on, which it is not by default The vulnerability has to do ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html http://www.debian.org/security/2001/dsa-058 http://www.redhat.com/support/errata/RHSA-2001-078.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402 http://www.securityfocus.com/bid/2828 https://exchange.xforce.ibmcloud.com/vulnerabilities/6671 https://nvd.nist.gov https://www.debian.org/security/./dsa-058 https://www.exploit-db.com/exploits/20900/

CVE-2001-0690

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect