CVE-2001-0690
Published 2001-09-20
CVE-2001-0690: Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute…
Priority P266 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 11.89% (95.6th percentile)
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| university_of_cambridge | exim | <= 3.22 | — |
Detection & IOCs (extracted from sources)
- Detect format string specifiers (e.g., %p, %n, %x) injected into SMTP mail headers, particularly the 'From:' header field, which is the attack vector for this vulnerability.
- Monitor for exim invoked with the '-bS' flag (batched SMTP mode), as exploitation requires this mode to be active.
- Look for exim error log entries containing "550 Syntax error in 'From' header: domain missing or malformed" combined with format string artifacts (e.g., 0x-prefixed hex addresses) in the 'failing address is:' field, indicating active probing or exploitation.
- Exploitation via the 'From:' header format string path requires syntax checking mode to be enabled in exim, which is NOT the default configuration. Assess exposure based on whether '-bS' (batched SMTP) mode and syntax checking are active.
- Affected versions are exim 3.22-10 (Red Hat), 3.12 (Debian), and 3.16 (Conectiva). Scope detection rules to these specific version ranges.
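One way to implement the first and third checks above, as an added example (not code from this page's sources or from exim): a Python scan of batched SMTP input for printf-style specifiers in unfolded From: headers, plus a match on the quoted log strings. The function names, the threshold of two hits, the sample batch, and the assumption that both log strings appear in one entry are constructed for illustration.

```python
import re

# printf-style conversion; "%%" is consumed first so a literal percent is not reported.
FMT = re.compile(r"%%|(%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|[Lzjt])?[diouxXeEfgGcspn])")
# Strings quoted in the detection notes above; that they share one log entry is assumed.
LOG_ERR = "550 Syntax error in 'From' header"
LOG_HEX = re.compile(r"failing address is:.*?0x[0-9a-fA-F]+")

def from_headers(bsmtp):
    """Return unfolded From: header values found in the DATA sections of a batch."""
    headers, state = [], "cmd"
    for line in bsmtp.splitlines():
        if state == "cmd":
            if line.strip().upper() == "DATA":
                state = "hdr"
        elif line == ".":                       # end of this message
            state = "cmd"
        elif state == "hdr":
            if not line:                        # blank line: headers are over
                state = "body"
            elif line[0] in " \t" and headers:  # folded continuation line
                headers[-1] += " " + line.strip()
            else:
                headers.append(line)
    return [h.split(":", 1)[1].strip() for h in headers if h.lower().startswith("from:")]

def specifiers(value):
    """List the conversion specifiers present in a header value."""
    return [m.group(1) for m in FMT.finditer(value) if m.group(1)]

def suspicious_from(value, threshold=2):
    """Flag %n outright; otherwise need `threshold` hits (assumed tuning value),
    because one hit can be a legitimate percent-hack address such as user%host@relay."""
    hits = specifiers(value)
    return any(h.endswith("n") for h in hits) or len(hits) >= threshold

def suspicious_log_entry(entry):
    """True when the syntax error and a 0x-prefixed failing address occur together."""
    return LOG_ERR in entry and bool(LOG_HEX.search(entry))

# Constructed batch: message 1 is benign, message 2 carries specifiers in From:.
SAMPLE = (
    "MAIL FROM:<a@example.org>\nRCPT TO:<b@example.org>\nDATA\n"
    "From: ops%hosta@relay.example.org\nSubject: 100%% done\n\nFrom: %n in body\n.\n"
    "MAIL FROM:<a@example.org>\nRCPT TO:<b@example.org>\nDATA\n"
    "From: x@%p%p\n %x\nSubject: hi\n\nbody\n.\n"
)
```

The first message shows why a single hit is not enough to alert: `ops%hosta` parses as `%ho`, and the `From:` line inside the body is ignored because only headers are scanned.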
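CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |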
GHSA
GHSA-wmjp-jcfp-7jf8: Format string vulnerability in exim (3
ghsa_unreviewed·2022-04-30
VulnCheck
university_of_cambridge Exim Use of Externally-Controlled Format String
vulncheck·2001·CVSS 7.5
Affected: university_of_cambridge Exim
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a9c54f79-d780-437b-a7f5-a74960e299d5&CommunityKey=8af7f28f-02f1-4107-8639-93a60b6546d4&tab=librarydocuments
Red Hat
security flaw
vendor_redhat·2001-06-06·CVSS 7.5
No detection rules found.
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
- http://www.debian.org/security/2001/dsa-058
- http://www.redhat.com/support/errata/RHSA-2001-078.html
- http://www.securityfocus.com/bid/2828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6671