VYPR

rpm package

opensuse/exim&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweed

Vulnerabilities (53)

  • CVE-2017-1000369MedJun 19, 2017
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream ha

  • CVE-2016-9963MedFeb 1, 2017
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

  • CVE-2016-1531HigApr 7, 2016
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

  • CVE-2014-2972Sep 4, 2014
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

  • CVE-2014-2957Sep 4, 2014
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

  • CVE-2012-5671Oct 31, 2012
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via a

  • CVE-2011-1764Oct 5, 2011
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by a

  • CVE-2011-1407May 16, 2011
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

  • CVE-2011-0017Feb 2, 2011
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

  • CVE-2010-4345HigKEVDec 14, 2010
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

  • CVE-2010-4344CriKEVDec 14, 2010
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper reje

  • CVE-2010-2024Jun 7, 2010
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

  • CVE-2010-2023Jun 7, 2010
    affected < 4.86.2-2.2fixed 4.86.2-2.2

    transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's f

Page 3 of 3