Nmap Development mailing list archives
[NSE] Check for CVE-2011-1764 - Exim DKIM Format String
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 13 Jul 2011 01:37:25 +0100
Hi list,

Attached is a script that will check for a format string vulnerability in the Exim SMTP server with DKIM [1] support; versions between 4.70 and 4.75 are affected. The DKIM logging mechanism did not use format string specifiers when logging the DKIM-Signature header field. A remote attacker who is able to send emails can exploit this vulnerability and execute arbitrary code in the context of the Exim daemon (CVE-2011-1764) [2].

The script will cause the Exim child to segfault due to an invalid memory reference, and perhaps with more debugging someone can achieve arbitrary code execution.

[1] http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[2] http://thread.gmane.org/gmane.mail.exim.devel/4946

--
tixxdz
http://opendz.org
Attachment: smtp-vuln-cve2011-1764.nse
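The bug class the message describes, shown as an added C illustration that is neither Exim's code nor the attached script: a hypothetical printf-style logger, the vulnerable call in which the sender-controlled DKIM-Signature value is itself the format string, the hardened call beside it, and an audit helper that counts the conversions such a value would trigger (all function names and the sample header values are constructed for this example).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style daemon logger (not Exim's). It renders into a
   buffer so the resulting log line can be inspected. */
static char logbuf[256];

static void log_write(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(logbuf, sizeof logbuf, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern (the bug class behind CVE-2011-1764): the remote sender
   controls the DKIM-Signature value, and it becomes the format string, so
   every %-conversion in it is interpreted against whatever is on the stack. */
static void log_dkim_vulnerable(const char *sig) { log_write(sig); }

/* Hardened pattern: the value is only an argument to a fixed format, so a '%'
   in it is copied literally. */
static void log_dkim_fixed(const char *sig) { log_write("DKIM-Signature: %s", sig); }

/* Audit helper: how many conversions a value would trigger if it were misused
   as a format string ("%%" is a literal percent). A valid DKIM-Signature needs none. */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* skip the escaped pair */
        n++;
    }
    return n;
}

const char *last_log_line(void) { return logbuf; }

int main(void)
{
    const char *benign  = "v=1; a=rsa-sha256; d=example.com";  /* constructed */
    const char *hostile = "v=1; a=rsa-sha256; %x %x %s";        /* constructed */
    log_dkim_vulnerable(benign);   /* no '%' in the value, so it logs as-is */
    printf("%s\n", last_log_line());
    log_dkim_fixed(hostile);       /* "%x %x %s" reaches the log verbatim */
    printf("%s\n", last_log_line());
    printf("conversions in hostile value: %d\n", count_format_specifiers(hostile));
    return 0;
}
```

The vulnerable function is deliberately only called with a value containing no '%' here; the fixed variant is what a logger should do with any untrusted header.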
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 12)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 18)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Henri Doreau (Jul 18)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 18)