Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2017-1000369

Published: 19/06/2017 Updated: 12/12/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4 | Impact Score: 1.4 | Exploitability Score: 2.5
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Exim

Vulnerability Summary

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows malicious users to cause arbitrary code execution. This affects exim version 4.89 and previous versions. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exim exim

exim exim 4.88

exim exim 4.89

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Ubuntu Security Notice: exim4 vulnerability
Exim could be made to run programs as an administrator ...
Red Hat: CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution This affects exim version 489 and earlier Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), ...
Arch Linux Issues:
An uncontrolled resource consumption flaw has been discovered in Exim before 4891 The use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed results in leaking memory While Exim itself is not vulnerable to privilege escalation, this particular flaw can be used by the stackguard vulnerability to achieve privilege e ...

References

CWE-404https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txthttps://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21https://access.redhat.com/security/cve/CVE-2017-1000369http://www.securityfocus.com/bid/99252http://www.securitytracker.com/id/1038779https://security.gentoo.org/glsa/201709-19http://www.debian.org/security/2017/dsa-3888https://usn.ubuntu.com/3322-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook