CVE-2010-4344

Description:
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

CWE: CWE-119

CVSS score
CVSS 2: HIGH – 9.3 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2010-4344
CVE – CVE-2010-4344

Link (max. 20) Source Tags
[exim-dev] 20101210 Re: Remote root vulnerability in Exim MLIST Patch Vendor Advisory Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=661756 CONFIRM Exploit Third Party Advisory VDB Entry Third Party Advisory
40019 SECUNIA Vendor Advisory Third Party Advisory VDB Entry
[exim-dev] 20101207 Remote root vulnerability in Exim MLIST Vendor Advisory Third Party Advisory VDB Entry
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ MISC Third Party Advisory Third Party Advisory
http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b CONFIRM Patch VDB Entry
[oss-security] 20101210 Exim remote root MLIST Patch Third Party Advisory VDB Entry
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format MISC Third Party Advisory
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 CONFIRM Third Party Advisory VDB Entry
69685 OSVDB Exploit Patch VDB Entry
http://bugs.exim.org/show_bug.cgi?id=787 CONFIRM Patch
USN-1032-1 UBUNTU Vendor Advisory
SUSE-SA:2010:059 SUSE Third Party Advisory Third Party Advisory VDB Entry
DSA-2131 DEBIAN Vendor Advisory
42576 SECUNIA Vendor Advisory
ADV-2010-3171 VUPEN Vendor Advisory
ADV-2010-3172 VUPEN Vendor Advisory
42586 SECUNIA Vendor Advisory
ADV-2010-3186 VUPEN Vendor Advisory
ADV-2010-3204 VUPEN Vendor Advisory Vendor Advisory

Source: NVD – CVE-2010-4344
Publication date: 2010-12-14T16:00Z, last modified: 2021-05-04T18:15Z