CVE-2011-1407 — Improper Input Validation in Exim

CWE-20 — Improper Input Validation10 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Exim4 Exim

Timeline

PublishedMay 16

Latest updateMay 17

Description

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/exim4< exim4 4.76-1 (bookworm)

▶NVDexim/exim6 versions+5

Patches

Patch: lists.exim.org ↗Patch: lists.exim.org ↗Patch: lists.exim.org ↗

🔴Vulnerability Details

GHSA

GHSA-pq5j-h89p-xfxj: The DKIM implementation in Exim 4↗2022-05-17

▶

OSV

CVE-2011-1407: The DKIM implementation in Exim 4↗2011-05-16

▶

📋Vendor Advisories

Ubuntu

Exim vulnerability↗2011-05-25

▶

Red Hat

exim: arbitrary code execution via improper DKIM signature matching↗2011-05-09

▶

Debian

CVE-2011-1407: exim4 - The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM ident...↗2011

▶

💬Community

Bugzilla

CVE-2011-1407 CVE-2011-1764 exim various flaws [epel-6]↗2011-05-17

▶

Bugzilla

CVE-2011-1407 exim: arbitrary code execution via improper DKIM signature matching↗2011-05-17

▶

Bugzilla

CVE-2011-1764 exim: improper format string handling in DKIM signatures↗2011-05-05

▶

Bugzilla

CVE-2011-1407 exim various flaws [fedora-all]↗2011-05-05

▶