CVE-2001-0690
published 2001-09-20


Priority: P266 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitation status: exploited in the wild (ITW); listed in VulnCheck KEV
EPSS: 11.89% (95.6th percentile)
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Affected (2 ranges)

Vendor                   Product        Version range   Fixed in
debian                   debian_linux
university_of_cambridge  exim           <= 3.22

Detection & IOCs (extracted from sources)

command: /usr/sbin/exim -bS
other:   From:@@%p%p%p%p%p%p%p%p%p%p
  • Detect format string specifiers (e.g., %p, %n, %x) injected into SMTP mail headers, particularly the 'From:' header field, which is the attack vector for this vulnerability.
  • Monitor for exim invoked with the '-bS' flag (batched SMTP mode), as exploitation requires this mode to be active.
  • Look for exim error log entries containing "550 Syntax error in 'From' header: domain missing or malformed" combined with format string artifacts (e.g., 0x-prefixed hex addresses) in the 'failing address is:' field, indicating active probing or exploitation.
  • Exploitation via the 'From:' header format string path requires syntax checking mode to be enabled in exim, which is NOT the default configuration. Assess exposure based on whether '-bS' (batched SMTP) mode and syntax checking are active.
  • Affected versions are exim 3.22-10 (Red Hat), 3.12 (Debian), and 3.16 (Conectiva). Scope detection rules to these specific version ranges.

CVSS provenance

nvd:           CVSS v2.0  7.5  HIGH  AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck:                7.5  HIGH
vendor_redhat:            7.5  HIGH