Vulnerability Description
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVSS Score
5.9
MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | <= 4.87 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3747Third Party Advisory
- http://www.exim.org/static/doc/CVE-2016-9963.txtMitigationVendor Advisory
- http://www.securityfocus.com/bid/94947Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037484Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-3164-1Third Party Advisory
- https://bugs.exim.org/show_bug.cgi?id=1996Issue TrackingMitigationVendor Advisory
- http://www.debian.org/security/2016/dsa-3747Third Party Advisory
- http://www.exim.org/static/doc/CVE-2016-9963.txtMitigationVendor Advisory
- http://www.securityfocus.com/bid/94947Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037484Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-3164-1Third Party Advisory
- https://bugs.exim.org/show_bug.cgi?id=1996Issue TrackingMitigationVendor Advisory
FAQ
What is CVE-2016-9963?
CVE-2016-9963 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
How severe is CVE-2016-9963?
CVE-2016-9963 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9963?
Check the references section above for vendor advisories and patch information. Affected products include: Exim Exim, Canonical Ubuntu Linux, Debian Debian Linux.