CVE-2011-1407
Published: 16 May 2011
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
Notes
Author | Note |
---|---|
mdeslaur | only affects 4.7x and higher |
Priority
Status
Package | Release | Status |
---|---|---|
exim4 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(4.60-3ubuntu3.3)
|
hardy |
Not vulnerable
(4.69-2ubuntu0.3)
|
|
lucid |
Released
(4.71-3ubuntu1.3)
|
|
maverick |
Released
(4.72-1ubuntu1.3)
|
|
natty |
Released
(4.74-1ubuntu1.2)
|
|
upstream |
Released
(4.76)
|
|
Patches: upstream: http://git.exim.org/exim.git/commit/ae9094bfe313aeb9ffefc7566bd4dae49ada3cf5 |