Vulnerability Details CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.debian.org/security/2011/dsa-2236
- http://www.securityfocus.com/bid/47836
- http://www.ubuntu.com/usn/USN-1135-1
- https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
- https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
- http://www.debian.org/security/2011/dsa-2236
- http://www.securityfocus.com/bid/47836
- http://www.ubuntu.com/usn/USN-1135-1
- https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
- https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
Products affected by CVE-2011-1407
-
cpe:2.3:a:exim:exim:4.70
-
cpe:2.3:a:exim:exim:4.71
-
cpe:2.3:a:exim:exim:4.72
-
cpe:2.3:a:exim:exim:4.73
-
cpe:2.3:a:exim:exim:4.74
-
cpe:2.3:a:exim:exim:4.75