Vulnerability Description
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| University Of Cambridge | Exim | 3.35 |
References
- http://groups.yahoo.com/group/exim-users/message/42358ExploitPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=103903403527788&w=2
- http://marc.info/?l=bugtraq&m=104006219018664&w=2
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
- http://www.securityfocus.com/bid/6314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10761
- http://groups.yahoo.com/group/exim-users/message/42358ExploitPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=103903403527788&w=2
- http://marc.info/?l=bugtraq&m=104006219018664&w=2
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
- http://www.securityfocus.com/bid/6314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10761
FAQ
What is CVE-2002-1381?
CVE-2002-1381 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
How severe is CVE-2002-1381?
CVE-2002-1381 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1381?
Check the references section above for vendor advisories and patch information. Affected products include: University Of Cambridge Exim.