UbuntuUSN-1130-1Exim vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.6 High
AI Score
Confidence
High
0.097 Low
EPSS
Percentile
94.8%
Releases
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- exim4 - Exim mail transfer agent
Details
It was discovered that the Exim daemon did not correctly handle format
strings in DKIM headers. An unauthenticated remote attacker could send
specially crafted email to run arbitrary code as the Exim user. The
default compiler options for affected releases reduces the vulnerability
to a denial of service under most conditions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.04 | noarch | exim4-daemon-heavy | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-base | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-daemon-heavy-dbg | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-daemon-light | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-daemon-light-dbg | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-dbg | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-dev | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | eximon4 | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | exim4-daemon-custom | < 4.74-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 10.10 | noarch | exim4-daemon-heavy | < 4.72-1ubuntu1.2 | UNKNOWN |
References
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.6 High
AI Score
Confidence
High
0.097 Low
EPSS
Percentile
94.8%