CVE-2001-0690

Опубликовано: 20 сент. 2001

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Exploit
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
http://www.debian.org/security/2001/dsa-058
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-078.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2828
https://exchange.xforce.ibmcloud.com/vulnerabilities/6671
http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Exploit
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
http://www.debian.org/security/2001/dsa-058
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-078.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2828
https://exchange.xforce.ibmcloud.com/vulnerabilities/6671

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:university_of_cambridge:exim:*:*:*:*:*:*:*:*

Версия до 3.22 (включая)

cpe:2.3:o:conectiva:linux:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19934

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2001-0690

redhat

около 24 лет назад

GHSA-wmjp-jcfp-7jf8

github

около 3 лет назад