Exim SMTP Server Format String Vulnerability (CVE-2011-1764) Scanner

Asset Type: DOMAIN,IP

Need Membership: Yes

Asset Verify: Yes

API Support: Yes

Estimate Time (Second): 15

Exim SMTP Server Format String Vulnerability (CVE-2011-1764) Scanner Detail

CVE-2011-1764 is a format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76.

This scanner checks for a format string vulnerability in the Exim SMTP server (versions 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support (CVE-2011-1764). The DKIM logging mechanism did not use format string specifiers when logging some parts of the DKIM-Signature header field, so that header content was interpreted as the format string itself. A remote attacker who is able to send email can exploit this vulnerability to execute arbitrary code with the privileges of the Exim daemon.
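The bug class described above, as an added example that is not Exim's source code: a hypothetical `log_write()` stand-in shows header-derived text used as the format string next to the hardened form with a constant format. All function names and the sample header value are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log function (an assumption, not Exim's API).
 * It formats into a buffer so the result can be inspected. */
static char last_log[256];

static void log_write(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: text taken from a message header becomes the format
 * string, so any conversion specifier in it is interpreted by vsnprintf().
 * Shown for comparison only; it is never called in this example. */
void log_dkim_unsafe(const char *header_part)
{
    log_write(header_part);
}

/* Hardened pattern: the format string is a constant and the untrusted
 * header text is passed as data for a single %s conversion. */
const char *log_dkim_safe(const char *header_part)
{
    log_write("DKIM: %s", header_part);
    return last_log;
}

/* Returns 1 when the safe path logs the header text byte for byte. */
int logged_verbatim(const char *header_part)
{
    return strstr(log_dkim_safe(header_part), header_part) != NULL;
}

int main(void)
{
    /* Constructed sample value containing printf metacharacters. */
    const char *sample = "d=example.test; b=%x%x";
    printf("verbatim=%d log=\"%s\"\n", logged_verbatim(sample), last_log);
    return 0;
}
```

Compiling code like this with `-Wformat -Wformat-security` flags the unsafe pattern only when the log function is declared with the compiler's `format(printf, ...)` attribute, which is a reason to annotate every printf-style wrapper.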


Some Advice for Common Problems

Upgrade your Exim MTA to the latest patched release; the vulnerability affects Exim before 4.76.
