CVE-2012-5671
published 2012-10-31

Priority: P272, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 8.38% (94.3th percentile)

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

Affected

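10 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| debian | exim4 | < exim4 4.80-5.1 (bookworm) | exim4 4.80-5.1 (bookworm) |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |
| exim | exim | | |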

Detection & IOCs (extracted from sources)

  • Vulnerable function is `dkim_exim_query_dns_txt` in `dkim.c`; heap-based buffer overflow triggered via malicious DNS TXT record response during DKIM verification
  • Exploitation requires DKIM support to be enabled AND `acl_smtp_connect` and `acl_smtp_rcpt` NOT set to `warn control = dkim_disable_verify` — audit Exim configs for this unsafe state
  • Attack vector is a malicious/rogue DNS server returning a crafted TXT record in response to Exim's DKIM DNS query — monitor for anomalous DNS TXT responses to mail server DNS resolvers
  • Vulnerability is only exploitable when DKIM support is compiled/enabled in Exim AND neither `acl_smtp_connect` nor `acl_smtp_rcpt` contains `warn control = dkim_disable_verify`; systems with this ACL directive set are not exploitable
  • Exim 4.63 (as shipped with Red Hat Enterprise Linux 5) does not contain the vulnerable DKIM code and is not affected

CVSS provenance

  • nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
  • osv: 6.8 MEDIUM
  • vulncheck: 6.8 MEDIUM
  • vendor_debian: 6.8 MEDIUM
  • vendor_redhat: 6.8 MEDIUM