Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2002-1381 — Use of Externally-Controlled Format String in OF Cambridge Exim
5 documents, 5 sources
Severity
7.2 HIGH (NVD)
EPSS
3.1%
top 13.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 23
Latest update: Apr 30
Description
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
CVSS vector
AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0
Affected Packages: 2 packages
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
1📋Vendor Advisories
1 Debian
CVE-2002-1381: exim4 - Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x throu... (2002)