CVE-2011-1407

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
eximexim
4.70
eximexim
4.71
eximexim
4.72
eximexim
4.73
eximexim
4.74
eximexim
4.75
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exim4
bullseye
4.94.2-7+deb11u3
fixed
lenny
not-affected
bullseye (security)
4.94.2-7+deb11u4
fixed
bookworm
4.96-15+deb12u5
fixed
bookworm (security)
4.96-15+deb12u5
fixed
sid
4.98-2
fixed
trixie
4.98-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exim4
natty
Fixed 4.74-1ubuntu1.2
released
maverick
Fixed 4.72-1ubuntu1.3
released
lucid
Fixed 4.71-3ubuntu1.3
released
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2011/dsa-2236
http://www.securityfocus.com/bid/47836
http://www.ubuntu.com/usn/USN-1135-1
https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
http://www.debian.org/security/2011/dsa-2236
http://www.securityfocus.com/bid/47836
http://www.ubuntu.com/usn/USN-1135-1
https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html