This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote service has a buffer overflow.
A heap overflow vulnerability exists in the version of exim
installed on the remote host.
By sending a specially crafted message to the server, a remote
attacker can leverage this vulnerability to execute arbitrary code on
the server with the privileges of the exim server. A separate vulnerability
that Nessus didn't test for, CVE-2010-4345, is often used to elevate the
exim user to root access.
Note that Nessus checked for this vulnerability by sending a specially
crafted packet and checking the response, without crashing the
All 4.6x versions 4.69-9 and below are known to be affected, and others
may be as well.
See also :
Upgrade to version 4.70, which addresses the issue.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: SMTP problems
Nessus Plugin ID: 51179
Bugtraq ID: 45308
CVE ID: CVE-2010-4344