CVE-2010-4344: Exim Heap-Based Buffer Overflow Vulnerability
First published: Thu Dec 09 2010(Updated: )
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | =2.11 | |
| Exim Exim | =4.66 | |
| Exim Exim | =4.10 | |
| Exim Exim | =3.16 | |
| Exim Exim | =3.21 | |
| Exim Exim | =3.01 | |
| Exim Exim | =3.31 | |
| Exim Exim | =4.24 | |
| Exim Exim | =3.33 | |
| Exim Exim | =3.30 | |
| Exim Exim | =4.30 | |
| Exim Exim | =4.21 | |
| Exim Exim | =4.03 | |
| Exim Exim | =4.51 | |
| Exim Exim | =4.67 | |
| Exim Exim | =4.63 | |
| Exim Exim | =4.00 | |
| Exim Exim | =4.43 | |
| Exim Exim | =4.22 | |
| Exim Exim | =3.10 | |
| Exim Exim | =4.40 | |
| Exim Exim | =4.52 | |
| Exim Exim | =3.36 | |
| Exim Exim | =3.15 | |
| Exim Exim | =4.60 | |
| Exim Exim | =4.61 | |
| Exim Exim | =2.12 | |
| Exim Exim | =4.68 | |
| Exim Exim | =4.54 | |
| Exim Exim | =4.02 | |
| Exim Exim | =4.23 | |
| Exim Exim | =4.01 | |
| Exim Exim | =3.34 | |
| Exim Exim | <=4.69 | |
| Exim Exim | =3.00 | |
| Exim Exim | =4.62 | |
| Exim Exim | =3.02 | |
| Exim Exim | =3.03 | |
| Exim Exim | =3.12 | |
| Exim Exim | =3.20 | |
| Exim Exim | =4.12 | |
| Exim Exim | =3.22 | |
| Exim Exim | =4.32 | |
| Exim Exim | =4.11 | |
| Exim Exim | =4.42 | |
| Exim Exim | =4.05 | |
| Exim Exim | =4.31 | |
| Exim Exim | =3.14 | |
| Exim Exim | =3.11 | |
| Exim Exim | =3.35 | |
| Exim Exim | =4.44 | |
| Exim Exim | =4.14 | |
| Exim Exim | =4.64 | |
| Exim Exim | =4.04 | |
| Exim Exim | =4.41 | |
| Exim Exim | =4.20 | |
| Exim Exim | =2.10 | |
| Exim Exim | =4.65 | |
| Exim Exim | =4.53 | |
| Exim Exim | =4.33 | |
| Exim Exim | =3.13 | |
| Exim Exim | =4.50 | |
| Exim Exim | =3.32 | |
| Exim Exim | =4.34 | |
| Exim Exim | <4.70 | |
| openSUSE openSUSE | =11.1 | |
| openSUSE openSUSE | =11.2 | |
| openSUSE openSUSE | =11.3 | |
| Debian Debian Linux | =5.0 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Exim Exim | ||
| <4.70 | ||
| =11.1 | ||
| =11.2 | ||
| =11.3 | ||
| =5.0 | ||
| =6.06 | ||
| =8.04 | ||
| =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
- https://bugzilla.redhat.com/show_bug.cgi?id=661756
- http://secunia.com/advisories/40019
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
- http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
- http://openwall.com/lists/oss-security/2010/12/10/1
- http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
- http://www.osvdb.org/69685
- http://bugs.exim.org/show_bug.cgi?id=787
- http://www.ubuntu.com/usn/USN-1032-1
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
- http://www.debian.org/security/2010/dsa-2131
- http://secunia.com/advisories/42576
- http://www.vupen.com/english/advisories/2010/3171
- http://www.vupen.com/english/advisories/2010/3172
- http://secunia.com/advisories/42586
- http://www.vupen.com/english/advisories/2010/3186
- http://www.vupen.com/english/advisories/2010/3204
- http://www.redhat.com/support/errata/RHSA-2010-0970.html
- http://secunia.com/advisories/42587
- http://secunia.com/advisories/42589
- http://www.vupen.com/english/advisories/2010/3181
- http://www.vupen.com/english/advisories/2010/3246
- http://www.kb.cert.org/vuls/id/682457
- http://www.securityfocus.com/bid/45308
- http://www.securitytracker.com/id?1024858
- http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
- http://atmail.com/blog/2010/atmail-6204-now-available/
- http://www.vupen.com/english/advisories/2010/3317
- http://www.securityfocus.com/archive/1/515172/100/0/threaded
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
- https://access.redhat.com/security/cve/CVE-2010-4344
- https://access.redhat.com/security/cve/CVE-2010-4345
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=662012
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=662013
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=787
- http://git.exim.org/exim.git/commitdiff/24c929a2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=661756#c18
- https://rhn.redhat.com/errata/RHSA-2010-0970.html
- https://nvd.nist.gov/vuln/detail/CVE-2010-4344
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/title
- agent/references
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4344
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-cve
- vendor/exim
- canonical/exim exim
- version/exim exim/2.11
- version/exim exim/4.66
- version/exim exim/4.10
- version/exim exim/3.16
- version/exim exim/3.21
- version/exim exim/3.01
- version/exim exim/3.31
- version/exim exim/4.24
- version/exim exim/3.33
- version/exim exim/3.30
- version/exim exim/4.30
- version/exim exim/4.21
- version/exim exim/4.03
- version/exim exim/4.51
- version/exim exim/4.67
- version/exim exim/4.63
- version/exim exim/4.00
- version/exim exim/4.43
- version/exim exim/4.22
- version/exim exim/3.10
- version/exim exim/4.40
- version/exim exim/4.52
- version/exim exim/3.36
- version/exim exim/3.15
- version/exim exim/4.60
- version/exim exim/4.61
- version/exim exim/2.12
- version/exim exim/4.68
- version/exim exim/4.54
- version/exim exim/4.02
- version/exim exim/4.23
- version/exim exim/4.01
- version/exim exim/3.34
- version/exim exim/4.69
- version/exim exim/3.00
- version/exim exim/4.62
- version/exim exim/3.02
- version/exim exim/3.03
- version/exim exim/3.12
- version/exim exim/3.20
- version/exim exim/4.12
- version/exim exim/3.22
- version/exim exim/4.32
- version/exim exim/4.11
- version/exim exim/4.42
- version/exim exim/4.05
- version/exim exim/4.31
- version/exim exim/3.14
- version/exim exim/3.11
- version/exim exim/3.35
- version/exim exim/4.44
- version/exim exim/4.14
- version/exim exim/4.64
- version/exim exim/4.04
- version/exim exim/4.41
- version/exim exim/4.20
- version/exim exim/2.10
- version/exim exim/4.65
- version/exim exim/4.53
- version/exim exim/4.33
- version/exim exim/3.13
- version/exim exim/4.50
- version/exim exim/3.32
- version/exim exim/4.34
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.1
- version/opensuse opensuse/11.2
- version/opensuse opensuse/11.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/9.10