CVE-2001-0690

EXPLOITED

exim <3.22-10/3.12/3.16 - RCE

Title source: llm

Description

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Megyer Laszlo · textlocallinux

https://www.exploit-db.com/exploits/20900

View Code ZIP pw:eip

References (6)

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402

[Patch, Vendor Advisory] http://www.debian.org/security/2001/dsa-058

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2001-078.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/2828

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6671

Scores

EPSS 0.2024

EPSS Percentile 95.5%

Details

VulnCheck KEV 2017-06-20

Status published

Products (4)

conectiva/linux

debian/debian_linux 4.0

redhat/linux

university_of_cambridge/exim < 3.22

Published Sep 20, 2001

Tracked Since Feb 18, 2026