PT-2011-3355 · Exim+1 · Exim+1

John R. Levine +1 · Published 2011-10-05 · Updated 2024-06-15 · CVE-2011-1764

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Exim versions prior to 4.76

Description

The issue is related to a format string vulnerability in the dkim_exim_verify_finish function. This vulnerability might allow remote attackers to execute arbitrary code or cause a denial of service, such as a daemon crash, via format string specifiers in data used in DKIM logging. For example, an identity field containing a % (percent) character could trigger this issue.

Recommendations

For versions prior to 4.76, update to version 4.76 or later to resolve the issue. As a temporary workaround, consider restricting the use of format string specifiers in DKIM logging data to minimize the risk of exploitation.
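
An added example, not taken from this advisory or from Exim's source: a minimal C illustration of the bug class described above, showing a logging call before and after the fix. The names log_line, log_identity_vulnerable, log_identity_fixed and has_format_char are hypothetical, and the sample identity is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a mail daemon's log call.
 * It writes into a caller-supplied buffer so the result can be inspected. */
static int log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Before: the message containing the sender-controlled DKIM identity is
 * passed as the format argument, so every '%' in it is parsed as a specifier. */
int log_identity_vulnerable(char *out, size_t n, const char *identity)
{
    char msg[256];
    snprintf(msg, sizeof msg, "DKIM: i=%s", identity);
    return log_line(out, n, msg);          /* msg is interpreted as a format */
}

/* After: the format is a constant; the assembled message is only ever data. */
int log_identity_fixed(char *out, size_t n, const char *identity)
{
    char msg[256];
    snprintf(msg, sizeof msg, "DKIM: i=%s", identity);
    return log_line(out, n, "%s", msg);
}

/* Audit helper: nonzero if a field contains '%' and so must never be a format. */
int has_format_char(const char *field)
{
    return strchr(field, '%') != NULL;
}

int main(void)
{
    /* Constructed sample. "%%" is the one specifier that consumes no
     * argument, so the vulnerable call stays well-defined in this demo. */
    const char *identity = "user%%tag@example.org";
    char a[128], b[128];
    log_identity_vulnerable(a, sizeof a, identity);
    log_identity_fixed(b, sizeof b, identity);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    return 0;
}
```

The vulnerable path logs a different string from the one received, which shows the data was parsed as a format; the fixed path logs it byte for byte.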

Fix

DoS

RCE

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

CVE-2011-1764
DSA-2232-1
OPENSUSE-SU-2012_1404-1
OPENSUSE-SU-2024:10017-1

Affected Products

Exim
Suse