
Exim < 4.76 dkim_exim_verify_finish Remote Format String Vulnerability

Medium

Synopsis

The remote mail server is vulnerable to a command execution attack.

Description

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.76 are potentially affected by a format string vulnerability in logging DKIM information from an inbound email. By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server subject to the privileges of the user running the affected application.

Solution

Upgrade to Exim 4.76 or later.
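
To triage hosts against the 4.76 threshold stated above, the following added example (not part of the original advisory or of Exim) classifies an SMTP greeting or `exim -bV` output by its reported version. The sample strings are constructed, and the `_RC` pre-release suffix handling is an assumption about how release candidates are labelled.

```python
import re

# First fixed release according to the advisory text: 4.76.
FIXED = (4, 76, 0)

# Matches "Exim 4.75" in an SMTP greeting and "Exim version 4.75" as printed
# by `exim -bV`. The optional "_RC<n>" suffix is an assumed pre-release label.
_VERSION_RE = re.compile(r"\bExim (?:version )?(\d+)\.(\d+)(?:\.(\d+))?(_RC\d+)?")


def parse_exim_version(text):
    """Return ((major, minor, patch), is_release_candidate) or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), rc is not None


def assess(text):
    """Classify one banner or version line against the fixed release."""
    parsed = parse_exim_version(text)
    if parsed is None:
        return "unknown"        # version hidden or not Exim: verify on the host
    version, is_rc = parsed
    if version < FIXED:
        return "affected"
    if version == FIXED and is_rc:
        return "review"         # pre-release of the fixed version: check manually
    return "not affected"


# Constructed sample inputs (not captured from real hosts).
SAMPLES = [
    "220 mail.example.test ESMTP Exim 4.75 Mon, 09 May 2011 10:00:00 +0000",
    "Exim version 4.76 #1 built 10-May-2011 12:00:00",
    "220 mx.example.test ESMTP Exim 4.80.1 Tue, 01 Jan 2013 00:00:00 +0000",
    "Exim version 4.76_RC1 #1 built 01-May-2011 12:00:00",
    "220 mx.example.test ESMTP ready",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{assess(line):13} {line}")
```

A banner is self-reported and can be customised, and distribution packages may carry backported fixes under an older version string, so treat the result as a starting point and confirm against the installed package.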