Page 4 of 26 results (0.033 seconds)

CVSS: 7.5EPSS: 9%CPEs: 70EXPL: 0

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. Vulnerabilidad de formato de cadena en la función dkim_exim_verify_finish de src/dkim.c de Exim en versiones anteriores a 4.76. Puede permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída del demonio) a través de especificadores de formato de cadena en datos usados en el logging DKIM, tal como se ha demostrado en un campo identity que contenga un carácter % (tanto por ciento). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 http://bugs.exim.org/show_bug.cgi?id=1106 http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/51155 http://www.debian.org/security/2011/dsa-2232 https://bugzilla.redhat.com/show_bug.cgi?id=702474 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.9EPSS: 0%CPEs: 67EXPL: 0

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. La función open_log en log.c de Exim v4.72 y anteriores no comprueba el valor devuelto por (1) setuid o (2) llamadas del sistema setgid, lo que permite a usuarios locales anexar los datos de registro a los archivos de su elección mediante un ataque de enlace simbólico. • ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74 http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://osvdb.org/70696 http://secunia.com/advisories/43101 http://secunia.com/advisories/43128 http://secunia.com/advisories/43243 http://www.debian.org/security/2011/dsa-2154 http://www.securityfocus.com/bid/46065 http://www.ubuntu.com/usn/USN-1060-1 http://www.vupe • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 9.3EPSS: 75%CPEs: 64EXPL: 4

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. Desbordamiento de búfer basado en montículo en la función string_vformat en string.c en Exim antes de v4.70 permite a atacantes remotos ejecutar código arbitrario a través de una sesión de SMTP que incluye dos comandos MAIL junto con un mensaje de gran tamaño que contiene cabeceras modificadas, lo que lleva a un registro impropio del rechazo. Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session. • https://www.exploit-db.com/exploits/16925 https://www.exploit-db.com/exploits/15725 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 http://atmail.com/blog/2010/atmail-6204-now-available http://bugs.exim.org/show_bug.cgi?id=787 http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html http://openwall.com/lists/os • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 1%CPEs: 67EXPL: 1

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. Exim v4.72 y anteriores permiten a usuarios locales ganar privilegios potenciando la habilidad especificar un archivo de cuenta de usuario con una configuración alternativa mediante una directiva que contenga comandos de su elección, como se demostró con la directiva spool_directory. Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands. • https://www.exploit-db.com/exploits/16925 http://bugs.exim.org/show_bug.cgi?id=1044 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html http://openwall.com/lists/oss-security/2010/12/10/1 http://secunia.com/advisories/42576 http://secunia.com/advisories/42930 http://secunia.com/advisories/43128 http://secunia • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 33EXPL: 0

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file. transports/appendfile.c en Exim antes de v4.72, cuando se usa un directorio de correo con permisos de escritura para todos y sticky-bit activado, no verifica el campo de st_nlink de los ficheros de buzón de correo, que permite a usuarios locales causar una denegación de servicio o posiblemente obtener privilegios mediante la creación de un vínculo físico a un archivo de otro usuario. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html http://bugs.exim.org/show_bug.cgi?id=988 http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40019 http://secunia.com/advisories/40123 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •