PT-2011-3105 · Exim · Exim

Published

2011-05-16

Updated

2024-06-15

CVE-2011-1407

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Exim versions 4.7x through 4.75

Description The issue concerns the DKIM implementation, which incorrectly allows matching for DKIM identities to apply to lookup items instead of only strings. This flaw enables remote attackers to execute arbitrary code or access a filesystem by crafting a malicious identity.

Recommendations For Exim versions 4.7x through 4.75, update to version 4.76 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-1407

DSA-2236-1

OPENSUSE-SU-2024:10017-1

Affected Products

Exim

PT-2011-3105 · Exim · Exim

CVE-2011-1407

Weakness Enumeration

Related Identifiers

Affected Products

References · 21