Download
| Alert*
oval:org.secpod.oval:def:21802
The host is installed with Exim before 4.83 and is prone to an elevation vulnerability. A flaw is present in the application, which expands mathematical comparisons twice. Successful exploitation allows local users to gain privileges and execute arbitrary commands. oval:org.secpod.oval:def:600522 It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtain from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. The oldstable distribution is not affected by this problem because it does not contain DKIM su ... oval:org.secpod.oval:def:1600024 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. oval:org.secpod.oval:def:500373 Exim is a mail transport agent developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim"s internal string_vformat function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exi ... oval:org.secpod.oval:def:201653 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:200024 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:500216 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:1800474 In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. oval:org.secpod.oval:def:53249 Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message. |