FreeBSD : Exim -- remote code execution and information disclosure (36594c54-7be7-11e0-9838-0022156e8794)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Release notes for Exim 4.76 says :

Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
format-string attack -- SECURITY: remote arbitrary code execution.

DKIM signature header parsing was double-expanded, second time
unintentionally subject to list matching rules, letting the header
cause arbitrary Exim lookups (of items which can occur in lists, *not*
arbitrary string expansion). This allowed for information disclosure.

Also, impact assessment was redone shortly after the original
announcement :

Further analysis revealed that the second security was more severe
than I realised at the time that I wrote the announcement. The second
security issue has been assigned CVE-2011-1407 and is also a remote
code execution flaw. For clarity: both issues were introduced with
4.70.

See also :

https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
http://bugs.exim.org/show_bug.cgi?id=1106
http://www.nessus.org/u?0ea5a887

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 53907 ()

Bugtraq ID:

CVE ID: CVE-2011-1407
CVE-2011-1764

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now