FKIE_CVE-2012-5671

Vulnerability from fkie_nvd - Published: 2012-10-31 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html
cve@mitre.orghttp://osvdb.org/86616
cve@mitre.orghttp://secunia.com/advisories/51098Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/51115
cve@mitre.orghttp://secunia.com/advisories/51153
cve@mitre.orghttp://secunia.com/advisories/51155
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2566
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2012/10/26/5
cve@mitre.orghttp://www.securityfocus.com/bid/56285
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1618-1
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/79615
cve@mitre.orghttps://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/86616
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51098Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51115
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51153
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51155
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2566
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/10/26/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56285
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1618-1
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79615
af854a3a-2127-422b-91ae-364da2661108https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
Impacted products
Vendor Product Version
exim exim 4.70
exim exim 4.71
exim exim 4.72
exim exim 4.73
exim exim 4.74
exim exim 4.75
exim exim 4.76
exim exim 4.77
exim exim 4.80
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "452E9C94-B7FF-40A9-A7F9-FC38824F6135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EB3709-D51F-46D1-99B8-CFB4C2275077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDB2156-072B-4392-9DC8-266FF1B8C7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F8A053-4578-4C45-A193-C188E45ED010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DC11D6-F67F-40A8-B8BF-2E76DD2F9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "5854CAF2-1587-4B91-9F9B-E2C57C22C426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D504C3-139D-4627-BD72-B6B46B360CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF796BE5-380B-4DBF-A4FF-4CDF98B69C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "6526E201-30CC-4C12-B2B4-06EBA663D39F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n dkim_exim_query_dns_txt en dkim.c en Exim v4.70 hasta v4.80, cuando el soporte DKIM est\u00e1 habilitado y acl_smtp_connect y acl_smtp_rcpt no est\u00e1n establecidos en \"warn control = dkim_disable_verify\", permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un correo electr\u00f3nico de un servidor DNS malicioso."
    }
  ],
  "id": "CVE-2012-5671",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-31T16:55:06.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/86616"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51155"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2566"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/26/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56285"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1618-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79615"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/86616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/26/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1618-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.