Exim < 4.83 Math Comparison Functions Data Insertion

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote mail server is potentially affected by a data insertion

Description :

According to its banner, the version of Exim running on the remote
host is prior to 4.83. It is, therefore, potentially affected by a
data insertion vulnerability. A flaw exists in the expansion of
arguments to math comparison functions which can cause values to be
expanded twice. This could permit a local attacker to insert arbitrary

Solution :

Upgrade to Exim 4.83 or later.

Risk factor :

Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 77055

Bugtraq ID: 68857

CVE ID: CVE-2014-2972