Описание
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| exim4 | fixed | 4.82.1-1 | package | |
| exim4 | not-affected | squeeze | package | |
| exim4 | not-affected | wheezy | package |
Примечания
https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
EXPERIMENTAL_DMARC not enabled
Связанные уязвимости
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.