VYPR

Exim

by Exim

Source repositories

CVEs (74)

  • CVE-2020-28008May 6, 2021
    risk 0.00cvss epss 0.00

    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to…

  • CVE-2020-28007May 6, 2021
    risk 0.00cvss epss 0.01

    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.

  • CVE-2020-12783May 11, 2020
    risk 0.00cvss epss 0.04

    Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

  • CVE-2020-8015Apr 2, 2020
    risk 0.00cvss epss 0.01

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

  • CVE-2014-2972Sep 4, 2014
    risk 0.00cvss epss 0.00

    expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

  • CVE-2014-2957Sep 4, 2014
    risk 0.00cvss epss 0.05

    The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

  • CVE-2011-1764Oct 5, 2011
    risk 0.00cvss epss 0.04

    Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by…

  • CVE-2011-1407May 16, 2011
    risk 0.00cvss epss 0.04

    The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

  • CVE-2011-0017Feb 2, 2011
    risk 0.00cvss epss 0.00

    The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

  • CVE-2010-2024Jun 7, 2010
    risk 0.00cvss epss 0.00

    transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

  • CVE-2010-2023Jun 7, 2010
    risk 0.00cvss epss 0.00

    transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's…

  • CVE-2005-0022May 2, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

  • CVE-2003-0743Oct 20, 2003
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which…

  • CVE-2002-0274May 31, 2002
    risk 0.00cvss epss 0.00

    Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.

Page 4 of 4