Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
Max CVSS
7.5
EPSS Score
19.61%
Published
2001-09-20
Updated
2017-10-10
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
Max CVSS
7.5
EPSS Score
1.90%
Published
2001-12-19
Updated
2017-10-10
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
Max CVSS
7.5
EPSS Score
12.90%
Published
2003-10-20
Updated
2016-10-18
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
Max CVSS
7.5
EPSS Score
36.51%
Published
2004-07-07
Updated
2017-07-11
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
Max CVSS
7.5
EPSS Score
3.89%
Published
2004-07-07
Updated
2017-07-11
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
Max CVSS
7.2
EPSS Score
0.04%
Published
1997-07-22
Updated
2008-09-09
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
Max CVSS
7.2
EPSS Score
0.17%
Published
2002-12-23
Updated
2017-10-10
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
Max CVSS
7.2
EPSS Score
0.19%
Published
2005-05-02
Updated
2017-10-11
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-05-31
Updated
2016-10-18
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Max CVSS
4.6
EPSS Score
0.16%
Published
2005-05-02
Updated
2017-10-11
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!