All errata/sisyphus/ALT-PU-2014-2322-1
ALT-PU-2014-2322-1

Package update exim in branch sisyphus

Version4.84-alt1
Task#133996
Published2014-11-04
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-2957
MEDIUM6.8

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

Published: 2014-09-04Modified: 2025-04-12
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
References
CVE-2014-2972
MEDIUM4.6

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

Published: 2014-09-04Modified: 2025-04-12
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
References