Detections
Analytics
Exim < 4.83 Math Comparison Functions Data Insertion
medium Nessus Plugin ID 77055
Language:
Synopsis
The remote mail server is potentially affected by a data insertion vulnerability.Description
According to its banner, the version of Exim running on the remote host is prior to 4.83. It is, therefore, potentially affected by a data insertion vulnerability. A flaw exists in the expansion of arguments to math comparison functions which can cause values to be expanded twice. This could permit a local attacker to insert arbitrary data.Solution
Upgrade to Exim 4.83 or later.See Also
ftp://ftp.exim.org/pub/exim/exim4/
https://lists.exim.org/lurker/message/20140722.160524.be7e58a9.en.html
Plugin Details
Severity: Medium
ID: 77055
File Name: exim_4_83.nasl
Version: 1.3
Type: remote
Family: SMTP problems
Published: 8/7/2014
Updated: 11/25/2019
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2014-2972
Vulnerability Information
CPE: cpe:/a:exim:exim
Required KB Items: Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 7/22/2012
Vulnerability Publication Date: 7/22/2012
Reference Information
CVE: CVE-2014-2972
BID: 68857