CVE-2012-5671
 
- Severity Score: 6.8 (CVSS v2)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Credits: N/A
Timeline
- 2012-10-24 CVE Reserved
- 2012-10-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-26 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (15)
URL | Tag | Source |
---|---|---|
http://osvdb.org/86616 | Vdb Entry | |
http://secunia.com/advisories/51115 | Third Party Advisory | |
http://secunia.com/advisories/51153 | Third Party Advisory | |
http://secunia.com/advisories/51155 | Third Party Advisory | |
http://www.openwall.com/lists/oss-security/2012/10/26/5 | Mailing List | |
http://www.securityfocus.com/bid/56285 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79615 | Vdb Entry | |
https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Exim | Exim | 4.70 | - | Affected |
Exim | Exim | 4.71 | - | Affected |
Exim | Exim | 4.72 | - | Affected |
Exim | Exim | 4.73 | - | Affected |
Exim | Exim | 4.74 | - | Affected |
Exim | Exim | 4.75 | - | Affected |
Exim | Exim | 4.76 | - | Affected |
Exim | Exim | 4.77 | - | Affected |
Exim | Exim | 4.80 | - | Affected |