CVE-2010-4344

CVSS V2 High 9.3 CVSS V3 None
Description
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Overview
  • CVE ID
  • CVE-2010-4344
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-12-14T16:00:04
  • Last Modified Date
  • 2023-02-13T04:28:35
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* 1 OR 4.69
cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html Patch
https://bugzilla.redhat.com/show_bug.cgi?id=661756 Exploit
http://secunia.com/advisories/40019 Vendor Advisory
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b Patch
http://openwall.com/lists/oss-security/2010/12/10/1
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
http://www.osvdb.org/69685 Exploit Patch
http://bugs.exim.org/show_bug.cgi?id=787 Patch
http://www.ubuntu.com/usn/USN-1032-1
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://www.debian.org/security/2010/dsa-2131
http://secunia.com/advisories/42576 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3171 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3172 Vendor Advisory
http://secunia.com/advisories/42586 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3186 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3204 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0970.html
http://secunia.com/advisories/42587 Vendor Advisory
http://secunia.com/advisories/42589 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3181 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3246 Vendor Advisory
http://www.kb.cert.org/vuls/id/682457 US Government Resource
http://www.securityfocus.com/bid/45308
http://www.securitytracker.com/id?1024858
http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
http://atmail.com/blog/2010/atmail-6204-now-available/
http://www.vupen.com/english/advisories/2010/3317
http://www.securityfocus.com/archive/1/515172/100/0/threaded
http://www.openwall.com/lists/oss-security/2021/05/04/7
History
Created Old Value New Value Data Type Notes
2022-05-10 16:17:38 Added to TrackCVE
2023-02-02 19:03:01 2023-02-02T17:17:48 CVE Modified Date updated
2023-02-02 19:03:03 Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. CVE-2010-4344 exim: remote code execution flaw Description updated
2023-02-13 05:04:04 2023-02-13T04:28:35 CVE Modified Date updated
2023-02-13 05:04:05 CVE-2010-4344 exim: remote code execution flaw Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. Description updated