Nmap Development mailing list archives

[NSE] Check for CVE-2011-1764 - Exim DKIM Format String


From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 13 Jul 2011 01:37:25 +0100

Hi list,

Attached is a script that will check for a format string vulnerability
in the Exim SMTP server with DKIM [1] support; versions between 4.70 and
4.75 are affected. The DKIM logging mechanism did not use format string
specifiers when logging the DKIM-Signature header field. A remote
attacker who is able to send emails can exploit this vulnerability and
execute arbitrary code in the context of the Exim daemon
(CVE-2011-1764) [2].

The script will cause the Exim child to segfault due to an invalid memory
reference, and perhaps with more debugging someone can achieve arbitrary
code execution.

[1] http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[2] http://thread.gmane.org/gmane.mail.exim.devel/4946

-- 
tixxdz
http://opendz.org

Attachment: smtp-vuln-cve2011-1764.nse
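The bug class described in the post, as an added illustration in C (this is not the attached NSE script nor Exim's own code; function names and the sample header values are constructed for the example): the safe idiom keeps the untrusted DKIM-Signature value as an argument to a fixed format, and a small checker flags header values that carry printf-style directives, which a legitimate signature never contains.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives ('%' not followed by '%') in an
   untrusted header value. A real DKIM-Signature carries none, so any hit is
   worth flagging at a mail gateway or in an IDS rule. */
int count_format_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        n++;
    }
    return n;
}

/* The safe logging idiom that the Exim fix amounts to: the caller-controlled
   string is always an argument to a fixed "%s" format, never the format
   itself. Returns the rendered log line (static buffer, example only). */
static char logbuf[512];
const char *log_header_safely(const char *header_value) {
    snprintf(logbuf, sizeof logbuf, "DKIM-Signature: %s", header_value);
    return logbuf;
}

int main(void) {
    /* Constructed samples: a benign signature and one with directives. */
    const char *benign  = "v=1; a=rsa-sha256; d=example.com; s=sel; b=xyz";
    const char *hostile = "v=1; a=rsa-sha256; d=%x%x.example.com; s=sel; b=xyz";
    printf("%s\n", log_header_safely(hostile));   /* logged verbatim, not interpreted */
    printf("directives: benign=%d hostile=%d\n",
           count_format_directives(benign), count_format_directives(hostile));
    return 0;
}
```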

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
