CVE-2011-1407
Exim 4.7x < 4.76 - Remote Code Execution via DKIM Identity Matching
Title source: llmDescription
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1135-1
Patch mailing-list
x_refsource_mlist
https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2236
Patch mailing-list
x_refsource_mlist
https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47836
Scores
EPSS
0.0380
EPSS Percentile
88.8%
Details
CWE
CWE-20
Status
published
Products (6)
exim/exim
4.70
exim/exim
4.71
exim/exim
4.72
exim/exim
4.73
exim/exim
4.74
exim/exim
4.75
Published
May 16, 2011
Tracked Since
Feb 18, 2026