FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-5671

This CVE name corresponds to:

Entered Topic
2012-10-26 Exim -- remote code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-5671
Phase Assigned(20121024)

Description

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and neither acl_smtp_connect nor acl_smtp_rcpt sets "warn control = dkim_disable_verify", allows remote attackers to execute arbitrary code via an email whose DKIM-Signature header causes Exim to fetch an oversized DNS TXT record from a malicious DNS server. The attacker chooses the signing domain and selector in the message, and therefore which name server answers the key lookup; the verifier copies the answer into a fixed-size buffer without checking its length. Because verification runs while the message data is being received, the workaround has to be applied in the connect or RCPT ACL, as stated above, rather than in a later ACL.
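The following is an added illustration of the bug class described above, written for this page; it is not Exim's dkim.c, and the buffer size, function names and sample records are assumptions. A DNS TXT RDATA section is a sequence of length-prefixed character-strings, and a DKIM verifier concatenates them into one buffer before parsing the key record. The unchecked variant validates that each segment lies inside the RDATA but never compares the running output length with the destination size, which is what lets an attacker-controlled name server overrun the buffer; the checked variant rejects the record before copying anything.

```c
/* Added example for CVE-2012-5671's bug class. Not Exim's code: TXT_MAX_RECLEN,
 * the function names and the sample records are assumptions for illustration.
 * DNS TXT RDATA is a sequence of <length><bytes> character-strings (RFC 1035). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TXT_MAX_RECLEN 1024 /* assumed fixed-size destination buffer */

/* Vulnerable pattern: bounds each segment against the RDATA, but never bounds
 * the running offset against `out`. A record with more than about 1024 bytes of
 * segment data writes past the buffer. Only ever called here with inputs that fit. */
static int txt_concat_unchecked(const uint8_t *rdata, size_t rdlen,
                                char out[TXT_MAX_RECLEN])
{
    size_t pos = 0, off = 0;
    while (pos < rdlen) {
        size_t seglen = rdata[pos++];
        if (pos + seglen > rdlen)
            return -1;                              /* segment runs past RDATA */
        memcpy(out + off, rdata + pos, seglen);     /* no check of off + seglen */
        off += seglen;
        pos += seglen;
    }
    out[off] = '\0';
    return (int)off;
}

/* Hardened form: refuse the record as soon as a segment would not fit together
 * with the terminating NUL, before any byte of it is copied. */
static int txt_concat_checked(const uint8_t *rdata, size_t rdlen,
                              char out[TXT_MAX_RECLEN])
{
    size_t pos = 0, off = 0;
    while (pos < rdlen) {
        size_t seglen = rdata[pos++];
        if (pos + seglen > rdlen)
            return -1;
        if (seglen >= TXT_MAX_RECLEN - off)         /* room for data plus NUL */
            return -1;
        memcpy(out + off, rdata + pos, seglen);
        off += seglen;
        pos += seglen;
    }
    out[off] = '\0';
    return (int)off;
}

/* Constructed RDATA: nseg character-strings of seglen bytes of `fill`. */
static size_t build_txt_rdata(uint8_t *buf, size_t nseg, uint8_t seglen, char fill)
{
    size_t pos = 0;
    for (size_t i = 0; i < nseg; i++) {
        buf[pos++] = seglen;
        memset(buf + pos, fill, seglen);
        pos += seglen;
    }
    return pos;
}

/* Length the hardened path accepts for nseg 255-byte segments, or -1 if rejected. */
int checked_len_for_segments(size_t nseg)
{
    uint8_t rdata[8 * 256];
    char out[TXT_MAX_RECLEN];
    if (nseg > 8)
        return -1;
    size_t len = build_txt_rdata(rdata, nseg, 255, 'A');
    return txt_concat_checked(rdata, len, out);
}

/* Runs a constructed DKIM key record (two character-strings) through both
 * variants, then an oversized answer through the checked one. Returns 0 on success. */
int demo(void)
{
    uint8_t rdata[8 * 256];
    char out[TXT_MAX_RECLEN];
    static const char seg1[] = "v=DKIM1; k=rsa; ";
    static const char seg2[] = "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"; /* constructed */
    size_t pos = 0;
    rdata[pos++] = (uint8_t)strlen(seg1);
    memcpy(rdata + pos, seg1, strlen(seg1));
    pos += strlen(seg1);
    rdata[pos++] = (uint8_t)strlen(seg2);
    memcpy(rdata + pos, seg2, strlen(seg2));
    pos += strlen(seg2);

    int n_unchecked = txt_concat_unchecked(rdata, pos, out);
    int n_checked = txt_concat_checked(rdata, pos, out);
    if (n_unchecked != n_checked || strncmp(out, "v=DKIM1; k=rsa; p=", 18) != 0)
        return 1;

    /* Attacker-style answer: 5 x 255 = 1275 bytes, larger than the buffer. The
     * unchecked variant would write past `out` here; the checked one refuses. */
    size_t big = build_txt_rdata(rdata, 5, 255, 'A');
    if (txt_concat_checked(rdata, big, out) != -1)
        return 2;
    return 0;
}

int main(void)
{
    printf("demo: %d, 4 segments: %d, 5 segments: %d\n", demo(),
           checked_len_for_segments(4), checked_len_for_segments(5));
    return 0;
}
```

The check is placed before the memcpy and counts the terminator, so a record of exactly 1024 data bytes is also refused; that is the right side to err on for a buffer that will be handed to a string parser. In a real verifier the rejection should be treated as a DKIM verification failure for that signature, not as a reason to drop the whole message.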

References

Source Reference
MLIST [exim-announce] 20121026 Exim 4.80.1 Security Release
MLIST [oss-security] 20121027 CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow
DEBIAN DSA-2566
FEDORA FEDORA-2012-16899
FEDORA FEDORA-2012-17044
FEDORA FEDORA-2012-17085
SUSE openSUSE-SU-2012:1404
UBUNTU USN-1618-1
BID 56285
OSVDB 86616
SECUNIA 51098
SECUNIA 51115
SECUNIA 51153
SECUNIA 51155
XF exim-dkimeximquerydnstxt-bo(79615)