Exim Crafted Header Remote Code Execution Vulnerability
Gravité: : Critique
Identifiant(s) CVE: : CVE-2010-4344
Date du conseil: 21 juillet 2015
Description
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004549
Trend Micro Deep Security DPI Rule Name: 1004549 - Exim Crafted Header Remote Code Execution Vulnerability
Affected software and version:
- exim exim 2.10
- exim exim 2.11
- exim exim 2.12
- exim exim 3.00
- exim exim 3.01
- exim exim 3.02
- exim exim 3.03
- exim exim 3.10
- exim exim 3.11
- exim exim 3.12
- exim exim 3.13
- exim exim 3.14
- exim exim 3.15
- exim exim 3.16
- exim exim 3.20
- exim exim 3.21
- exim exim 3.22
- exim exim 3.30
- exim exim 3.31
- exim exim 3.32
- exim exim 3.33
- exim exim 3.34
- exim exim 3.35
- exim exim 3.36
- exim exim 4.00
- exim exim 4.01
- exim exim 4.02
- exim exim 4.03
- exim exim 4.04
- exim exim 4.05
- exim exim 4.10
- exim exim 4.11
- exim exim 4.12
- exim exim 4.14
- exim exim 4.20
- exim exim 4.21
- exim exim 4.22
- exim exim 4.23
- exim exim 4.24
- exim exim 4.30
- exim exim 4.31
- exim exim 4.32
- exim exim 4.33
- exim exim 4.34
- exim exim 4.40
- exim exim 4.41
- exim exim 4.42
- exim exim 4.43
- exim exim 4.44
- exim exim 4.50
- exim exim 4.51
- exim exim 4.52
- exim exim 4.53
- exim exim 4.54
- exim exim 4.60
- exim exim 4.61
- exim exim 4.62
- exim exim 4.63
- exim exim 4.64
- exim exim 4.65
- exim exim 4.66
- exim exim 4.67
- exim exim 4.68
- exim exim 4.69