CVE-2011-1764

Published: 05/10/2011 Updated: 21/02/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 766
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim prior to 4.76 might allow remote malicious users to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
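
The defect class named in the summary, shown next to its hardened form. This is an added example, not code from Exim or from this page; `log_line`, `log_dkim_identity` and `has_format_directive` are hypothetical names, and the identity value is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log sink (not Exim's logging API). It formats
 * into a caller buffer so the result can be inspected. The attribute lets
 * GCC/Clang -Wformat-security flag callers that pass a non-literal format. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Defect class from the summary, kept as a comment for contrast:
 *     log_line(buf, n, msg);   // msg holds header data, '%' is interpreted
 * Hardened form: constant format, untrusted text passed only as an argument. */
int log_dkim_identity(char *buf, size_t n, const char *identity)
{
    return log_line(buf, n, "DKIM: identity=%s", identity);
}

/* Triage helper: 1 if s holds a '%' that printf would treat as the start of
 * a conversion (anything other than the literal pair "%%"). */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *identity = "100%s@example.test";   /* constructed sample */
    char out[128];
    log_dkim_identity(out, sizeof out, identity);
    printf("%s (flagged=%d)\n", out, has_format_directive(identity));
    return 0;
}
```

With the constant format, the percent sign in the identity reaches the log as literal text instead of being parsed as a conversion.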

Vulnerable Product

exim exim 4.50

exim exim 4.44

exim exim 4.63

exim exim 4.62

exim exim 4.61

exim exim 4.21

exim exim 4.22

exim exim 4.41

exim exim 4.40

exim exim 4.03

exim exim 4.02

exim exim 3.32

exim exim

exim exim 2.11

exim exim 4.10

exim exim 3.16

exim exim 3.01

exim exim 3.31

exim exim 4.24

exim exim 3.33

exim exim 4.30

exim exim 4.51

exim exim 4.74

exim exim 3.15

exim exim 2.12

exim exim 4.68

exim exim 4.23

exim exim 3.34

exim exim 3.00

exim exim 4.05

exim exim 3.14

exim exim 4.72

exim exim 4.14

exim exim 4.64

exim exim 4.04

exim exim 3.13

exim exim 4.70

exim exim 4.69

exim exim 4.66

exim exim 3.21

exim exim 3.30

exim exim 4.71

exim exim 4.67

exim exim 4.00

exim exim 4.43

exim exim 3.10

exim exim 4.52

exim exim 3.36

exim exim 4.60

exim exim 4.54

exim exim 4.01

exim exim 3.02

exim exim 3.03

exim exim 3.12

exim exim 3.20

exim exim 4.12

exim exim 3.22

exim exim 4.32

exim exim 4.11

exim exim 4.42

exim exim 4.31

exim exim 3.11

exim exim 3.35

exim exim 4.20

exim exim 2.10

exim exim 4.65

exim exim 4.53

exim exim 4.33

exim exim 4.73

exim exim 4.34

Vendor Advisories

Debian Bug report logs - #624670: exim4 dkim plugin - % in dkim signature logged to paniclog. Package: exim4; Maintainer for exim4 is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Source for exim4 is src:exim4. Reported by: Suresh Ramasubramanian <suresh@hserus.net>. Date: Sat, ...

Exim could be made to run arbitrary code under some conditions ...

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code (CVE-2011-1764). The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support. For the stable distri ...

Nmap Scripts

smtp-vuln-cve2011-1764

Checks for a format string vulnerability in the Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support (CVE-2011-1764). The DKIM logging mechanism did not use format string specifiers when logging some parts of the DKIM-Signature header field. A remote attacker who is able to send emails can exploit this vulnerability and execute arbitrary code with the privileges of the Exim daemon.

nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 <host>

PORT   STATE SERVICE
25/tcp open  smtp
| smtp-vuln-cve2011-1764:
|   VULNERABLE:
|   Exim DKIM format string
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-1764  OSVDB:72156
|     Risk factor: High  CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|     Description:
|       Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified
|       Mail (DKIM) support is vulnerable to a format string. A remote attacker
|       who is able to send emails, can exploit this vulnerability and execute
|       arbitrary code with the privileges of the Exim daemon.
|     Disclosure date: 2011-04-29
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
|       http://osvdb.org/72156
|_      http://bugs.exim.org/show_bug.cgi?id=1106

Github Repositories

jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests.

Jok3r - Network and Web Pentest Framework

Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security tests. Its main goal is to save time on everything that can be automated in the network/web under audit, in order to spend more time on more

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Jok3r v3 beta: Network & Web Pentest Automation Framework. www.jok3r-framework.com

WARNING: Project is still in version 3 BETA. It is still under active development and bugs might be present. Many tests are going on: see github.com/koutto/jok3r/blob/master/tests/TESTS.rst. Ideas, bug reports, contributions are welcome!