oval:org.secpod.oval:def:21802
The host is installed with Exim before 4.83 and is prone to an elevation vulnerability. A flaw is present in the application, which expands mathematical comparisons twice. Successful exploitation allows local users to gain privileges and execute arbitrary commands.

oval:org.secpod.oval:def:600522
It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. The oldstable distribution is not affected by this problem because it does not contain DKIM su ...

oval:org.secpod.oval:def:600526
It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution is not affecte ...

oval:org.secpod.oval:def:1600024
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

oval:org.secpod.oval:def:600909
It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

oval:org.secpod.oval:def:201653
Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ...

oval:org.secpod.oval:def:200024
Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ...

oval:org.secpod.oval:def:500216
Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ...

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in a utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:53249
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.