CVE-2002-1381

Published: 23/12/2002 | Updated: 10/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Format string vulnerability in daemon.c for Exim 4.x up to and including 4.10, and 3.x up to and including 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Vulnerable Product

university of cambridge exim 3.35

university of cambridge exim 3.36

university of cambridge exim 4.10

Exploits

source: www.securityfocus.com/bid/6314/info

A format string vulnerability has been discovered in Exim. The problem occurs in the daemon_go() function. By supplying malicious format strings via the command line, it is possible for an attacker to execute arbitrary code with root privileges. It should be noted that the execution of the daemon ...