ID CVE-2002-1381
Summary Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
References
Vulnerable Configurations
  • cpe:2.3:a:university_of_cambridge:exim:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:university_of_cambridge:exim:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:university_of_cambridge:exim:4.10:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 6314
bugtraq 20021204 Local root vulnerability found in exim 4.x (and 3.x)
confirm http://groups.yahoo.com/group/exim-users/message/42358
gentoo GLSA-200212-5
mlist [Exim] 20021204 Minor security problem in both Exim 3 and 4
xf exim-daemonc-format-string(10761)
Last major update 10-10-2017 - 01:30
Published 23-12-2002 - 05:00
Last modified 10-10-2017 - 01:30