CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.6%
Under certain configurations, Exim may execute commands embedded in a mail message’s From address.
Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through a pipe transport, such as a virus scanner. If Exim does this without first checking the local part of the “To:” address for characters such as “|” (vertical bar), then an attacker can craft a message that would cause Exim to execute arbitrary commands.
Remote attackers can run arbitrary commands with privileges of the Exim process.
Upgrade
Upgrade to Exim 3.36 or Exim 4.10, available from:
283723
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23283723 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Patrice Fournier for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2001-0889 |
---|---|
Severity Metric: | 5.99 Date Public: |