ALT-PU-2014-1684-1
Closed vulnerabilities
Published: 2012-10-31
Modified: 2017-08-29
Modified: 2017-08-29
CVE-2012-5671
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Severity: MEDIUM (6.8)
References:
- openSUSE-SU-2012:1404
- [oss-security] 20121027 CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow
- 86616
- 51098
- DSA-2566
- [exim-announce] 20121026 Exim 4.80.1 Security Release
- USN-1618-1
- 56285
- FEDORA-2012-16899
- 51153
- FEDORA-2012-17044
- 51115
- FEDORA-2012-17085
- 51155
- exim-dkimeximquerydnstxt-bo(79615)