what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2010-4344

Status Candidate

Overview

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Related Files

Gentoo Linux Security Advisory 201401-32
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4344, CVE-2010-4345, CVE-2011-0017, CVE-2011-1407, CVE-2011-1764, CVE-2012-5671
MD5 | 86774c961d131435e18c1dbf719ed5d0
Exim Exploit In The Wild Advisory
Posted Dec 13, 2010
Authored by Nigel Metheringham

It has come to the attention of The Exim Maintainers that there is an exploit circulating in the wild which affects versions of Exim versions 4.69 and below. The flaw permits remote code execution over SMTP and, when combined with some clever abuse of Exim's configuration, escalation to root privileges from the Exim run-time user.

tags | advisory, remote, overflow, root, code execution
advisories | CVE-2010-4344, CVE-2010-4345, CVE-2010-2023, CVE-2010-2024
MD5 | 9a35f0a4b058b1257105aad2597dd91a
Exim 4.63 Remote Root Exploit
Posted Dec 11, 2010
Authored by Kingcope

Exim version 4.63 remote root exploit that uses a connect-back shell. Works on RedHat, Centos and Debian.

tags | exploit, remote, shell, root
systems | linux, redhat, debian, centos
advisories | CVE-2010-4344
MD5 | 2cb560f314f3f60da5c5ea20c1a99053
Ubuntu Security Notice USN-1032-1
Posted Dec 11, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1032-1 - Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-4344
MD5 | ce3381b67a3c1b4aeb0d6acca6ccb1ec
Debian Security Advisory 2131-1
Posted Dec 11, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2131-1 - Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user. Exploits for these issues have been seen in the wild.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, debian
advisories | CVE-2010-4344
MD5 | 248784466d19271ba509161657c8efc2
Exim4 <= 4.69 string_format Function Heap Buffer Overflow
Posted Dec 11, 2010
Authored by H D Moore, jduck | Site metasploit.com

This Metasploit module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-4344, CVE-2010-4345, OSVDB-69685
MD5 | fcaf55fbd789a3303811997418e7d8d4
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close