CVE-2010-4344
In short
The Exim email server has a critical flaw: a specially crafted email with certain headers can cause a buffer overflow, allowing attackers to run arbitrary code on the server through SMTP.
Technical detail
Heap-based buffer overflow in the string_vformat function in Exim before 4.70, exploitable via SMTP by sending two consecutive MAIL commands followed by a large message with crafted headers. Improper rejection logging triggers the memory corruption, enabling remote code execution without authentication.
Summary generated and translated by AI from the official description.
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 2
exploitdb: www.exploit-db.com/exploits/15725 (unverified)
exploitdb: www.exploit-db.com/exploits/16925 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
http://atmail.com/blog/2010/atmail-6204-now-available/
http://bugs.exim.org/show_bug.cgi?id=787
http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://openwall.com/lists/oss-security/2010/12/10/1
https://bugzilla.redhat.com/show_bug.cgi?id=661756
http://secunia.com/advisories/40019
http://secunia.com/advisories/42576
http://secunia.com/advisories/42586
http://secunia.com/advisories/42587