{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-1135-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1135-1"}, {"name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"}, {"name": "DSA-2236", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2236"}, {"name": "[exim-announce] 20110509 Exim 4.76 Release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"}, {"name": "47836", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47836"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1135-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1135-1"}, {"name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment", "refsource": "MLIST", "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"}, {"name": "DSA-2236", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2236"}, {"name": "[exim-announce] 20110509 Exim 4.76 Release", "refsource": "MLIST", "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"}, {"name": "47836", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47836"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:40.995Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1135-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1135-1"}, {"name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"}, {"name": "DSA-2236", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2236"}, {"name": "[exim-announce] 20110509 Exim 4.76 Release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"}, {"name": "47836", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47836"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1407", "datePublished": "2011-05-16T18:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.995Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*", "matchCriteriaId": "452E9C94-B7FF-40A9-A7F9-FC38824F6135", "vulnerable": true}, {"criteria": "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*", "matchCriteriaId": "A8EB3709-D51F-46D1-99B8-CFB4C2275077", "vulnerable": true}, {"criteria": "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*", "matchCriteriaId": "CBDB2156-072B-4392-9DC8-266FF1B8C7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*", "matchCriteriaId": "02F8A053-4578-4C45-A193-C188E45ED010", "vulnerable": true}, {"criteria": "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*", "matchCriteriaId": "A5DC11D6-F67F-40A8-B8BF-2E76DD2F9091", "vulnerable": true}, {"criteria": "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*", "matchCriteriaId": "5854CAF2-1587-4B91-9F9B-E2C57C22C426", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."}, {"lang": "es", "value": "La implementaci\u00f3n de DKIM en Exim v4.7x con anterioridad a v4.76 permite la comparaci\u00f3n de las identidades DKIM para aplicar a las operaciones de b\u00fasqueda art\u00edculos, en lugar de s\u00f3lo cadenas, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o acceso a un sistema de ficheros a trav\u00e9s de una identidad manipulada."}], "id": "CVE-2011-1407", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-16T18:55:00.730", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2236"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47836"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1135-1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1135-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "exim: arbitrary code execution via improper DKIM signature matching", "id": "705446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705446"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."], "name": "CVE-2011-1407", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1407\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1407"], "statement": "Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.", "threat_severity": "Important"}