PT-2014-4982 · Exim+1 · Exim+1
Published
2014-09-04
·
Updated
2024-06-15
·
CVE-2014-2957
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Exim versions prior to 4.82.1
Description
The issue allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the
expand string function. This occurs when the EXPERIMENTAL DMARC feature is enabled.Recommendations
For Exim versions prior to 4.82.1, update to version 4.82.1 or later to resolve the issue. As a temporary workaround, consider disabling the
EXPERIMENTAL DMARC feature until a patch is available.Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Exim