what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-4344

Status Candidate

Overview

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Related Files

Gentoo Linux Security Advisory 201401-32
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4344, CVE-2010-4345, CVE-2011-0017, CVE-2011-1407, CVE-2011-1764, CVE-2012-5671
SHA-256 | e3a4e4748cd68f2fd685d0f69f6b2dbf2c95867f71a5d365a61fe7544703c801
Exim Exploit In The Wild Advisory
Posted Dec 13, 2010
Authored by Nigel Metheringham

It has come to the attention of The Exim Maintainers that there is an exploit circulating in the wild which affects versions of Exim versions 4.69 and below. The flaw permits remote code execution over SMTP and, when combined with some clever abuse of Exim's configuration, escalation to root privileges from the Exim run-time user.

tags | advisory, remote, overflow, root, code execution
advisories | CVE-2010-4344, CVE-2010-4345, CVE-2010-2023, CVE-2010-2024
SHA-256 | 5adb4da500bcb608c4a6e8d0326b0cf1582c4c29fc9fdc75ec210086b2a2eb60
Exim 4.63 Remote Root Exploit
Posted Dec 11, 2010
Authored by Kingcope

Exim version 4.63 remote root exploit that uses a connect-back shell. Works on RedHat, Centos and Debian.

tags | exploit, remote, shell, root
systems | linux, redhat, debian, centos
advisories | CVE-2010-4344
SHA-256 | af8e1e361c82fc87041373b6e4044b0f7d87c3a5ff26e31b243a3efd06e7c7ca
Ubuntu Security Notice USN-1032-1
Posted Dec 11, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1032-1 - Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-4344
SHA-256 | 77e24a5685302d1d9a4706ecabe2856bbab0526e7306773761125b28efb31777
Debian Security Advisory 2131-1
Posted Dec 11, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2131-1 - Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user. Exploits for these issues have been seen in the wild.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, debian
advisories | CVE-2010-4344
SHA-256 | 5b6512209c1f9073f2e15c1c0f2b5721c46a834515e3e9afa824750e050dcb56
Exim4 <= 4.69 string_format Function Heap Buffer Overflow
Posted Dec 11, 2010
Authored by H D Moore, jduck | Site metasploit.com

This Metasploit module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-4344, CVE-2010-4345, OSVDB-69685
SHA-256 | 15971c9b06d4a9c47a89c4805a714e4e8f8fade760ff5ea9313cc6eeb5a8d923
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close