CVE-2011-1764
Published 2011-10-05
Priority: P3 · 42 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.94% (89.1th percentile)
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
Affected
71 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.75-3 (bookworm) | exim4 4.75-3 (bookworm) |
| exim | exim | <= 4.75 | — |
CVSS provenance
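| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |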
Ubuntu
Exim vulnerability
vendor_ubuntu·2011-05-10
CVE-2011-1764 Exim vulnerability
Title: Exim vulnerability
Summary: Exim could be made to run arbitrary code under some conditions.
It was discovered that the Exim daemon did not correctly handle format
strings in DKIM headers. An unauthenticated remote attacker could send
specially crafted email to run arbitrary code as the Exim user. The
default compiler options for affected releases reduce the vulnerability
to a denial of service under most conditions.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
exim: improper format string handling in DKIM signatures
vendor_redhat·2011-04-29·CVSS 7.5
CVE-2011-1764 [HIGH] exim: improper format string handling in DKIM signatures
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
Statement: Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.
Package: exim (Red Hat Enterprise Linux 4) - Not affected
Package: exim (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-1764: exim4 - Format string vulnerability in the dkim_exim_verify_finish function in src/dkim....
vendor_debian·2011·CVSS 7.5
CVE-2011-1764 [HIGH] CVE-2011-1764: exim4 - Format string vulnerability in the dkim_exim_verify_finish function in src/dkim....
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
Scope: local
bookworm: resolved (fixed in 4.75-3)
bullseye: resolved (fixed in 4.75-3)
forky: resolved (fixed in 4.75-3)
sid: resolved (fixed in 4.75-3)
trixie: resolved (fixed in 4.75-3)
GHSA
GHSA-mhvp-9557-5gxf: Format string vulnerability in the dkim_exim_verify_finish function in src/dkim
ghsa_unreviewed·2022-05-17
CVE-2011-1764 [HIGH] CWE-134 GHSA-mhvp-9557-5gxf: Format string vulnerability in the dkim_exim_verify_finish function in src/dkim
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
OSV
CVE-2011-1764: Format string vulnerability in the dkim_exim_verify_finish function in src/dkim
osv·2011-10-05·CVSS 7.5
CVE-2011-1764 [HIGH] CVE-2011-1764: Format string vulnerability in the dkim_exim_verify_finish function in src/dkim
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1407 CVE-2011-1764 exim various flaws [epel-6]
bugzilla·2011-05-17·CVSS 7.5
CVE-2011-1407 [HIGH] CVE-2011-1407 CVE-2011-1764 exim various flaws [epel-6]
epel-6 tracking bug for exim: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2011-1764
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=705446,702474
---
Hi, Mark.
It seems like there was some mis-naming of CVEs when you included exim-4.72-0003-CVE-2011-1407.patch in:
* Wed May 18 2011 Mark Chappell 4.72-2
See https://bugzilla.redhat.com/show_bug.cgi?id=702474#c5
It looks like, based on Ubuntu's CVE page, that the actual fix for CVE-2011-1407 is here:
http://git.exim.org/exim.git/blobdiff/337
Bugzilla
CVE-2011-1764 exim: improper format string handling in DKIM signatures
bugzilla·2011-05-05·CVSS 7.5
CVE-2011-1764 [HIGH] CVE-2011-1764 exim: improper format string handling in DKIM signatures
It was reported [1],[2] that Exim would improperly interpret '%' in a DKIM (DomainKeys Identified Mail) signature, which would get logged to the paniclog. It is possible that using '%n' in the DKIM signature could be used to overwrite stack data, which could cause Exim to crash.
DKIM support has been in Exim since version 4.70.
A fix has been pushed upstream [3].
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
[2] http://bugs.exim.org/show_bug.cgi?id=1106
[3] http://git.exim.org/exim.git/commitdiff/337e3505b0e6cd4309db6bf6062b33fa56e06cf8
Statement:
Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
http://bugs.exim.org/show_bug.cgi?id=1106
http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/51155
http://www.debian.org/security/2011/dsa-2232
https://bugzilla.redhat.com/show_bug.cgi?id=702474