2014-11-05
ALT-BU-2014-3086-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2014-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-2957
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Severity: MEDIUM (6.8)
References:
- http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
- http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [exim-announce] 20140528 [exim] Exim 4.82.1 Security Release
- [exim-announce] 20140528 [exim] Exim 4.82.1 Security Release
Published: 2014-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-2972
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
Severity: MEDIUM (4.6)
References:
- http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44
- http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44
- FEDORA-2014-8803
- FEDORA-2014-8803
- FEDORA-2014-8865
- FEDORA-2014-8865
- USN-2933-1
- USN-2933-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1122552
- https://bugzilla.redhat.com/show_bug.cgi?id=1122552
- [exim] 20140722 [exim] Exim 4.83 Released
- [exim] 20140722 [exim] Exim 4.83 Released
- [exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972
- [exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972
- GLSA-201607-12
- GLSA-201607-12