Vulnerability Description
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | 4.70 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2011/dsa-2236
- http://www.securityfocus.com/bid/47836
- http://www.ubuntu.com/usn/USN-1135-1
- https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.htmlPatch
- https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.htmlPatch
- http://www.debian.org/security/2011/dsa-2236
- http://www.securityfocus.com/bid/47836
- http://www.ubuntu.com/usn/USN-1135-1
- https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.htmlPatch
- https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.htmlPatch
FAQ
What is CVE-2011-1407?
CVE-2011-1407 is a vulnerability with a CVSS score of 7.5 (HIGH). The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or acce...
How severe is CVE-2011-1407?
CVE-2011-1407 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1407?
Check the references section above for vendor advisories and patch information. Affected products include: Exim Exim.