Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String

High Nessus Plugin ID 53856

Synopsis

The remote mail server is potentially affected by a format string vulnerability.

Description

Based on its response to a specially formatted mail message, the Exim mail server listening on this port appears to be affected by a format string vulnerability. The vulnerability is due to a failure in the dkim_exim_verify_finish() function to properly sanitize format string specifiers in the DKIM-Signature header. A remote attacker can exploit this by sending a specially crafted email, resulting in the execution of arbitrary code as the Exim run-time user.

Solution

Upgrade to Exim 4.76 or later.

See Also

ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.76

https://lists.exim.org/lurker/message/20110506.112357.e99a8db1.en.html

http://bugs.exim.org/show_bug.cgi?id=1106

Plugin Details

Severity: High

ID: 53856

File Name: exim_4_76.nasl

Version: 1.15

Type: remote

Published: 2011/05/10

Updated: 2018/07/10

Dependencies: 10263

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:exim:exim

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/05/06

Vulnerability Publication Date: 2011/05/06

Reference Information

CVE: CVE-2011-1407, CVE-2011-1764

BID: 47736, 47836