CVE-2012-5671

Published Oct 31, 2012

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "452E9C94-B7FF-40A9-A7F9-FC38824F6135"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8EB3709-D51F-46D1-99B8-CFB4C2275077"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBDB2156-072B-4392-9DC8-266FF1B8C7A4"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02F8A053-4578-4C45-A193-C188E45ED010"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5DC11D6-F67F-40A8-B8BF-2E76DD2F9091"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5854CAF2-1587-4B91-9F9B-E2C57C22C426"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D504C3-139D-4627-BD72-B6B46B360CE6"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF796BE5-380B-4DBF-A4FF-4CDF98B69C97"
          },
          {
            "criteria": "cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6526E201-30CC-4C12-B2B4-06EBA663D39F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References