Nmap Development mailing list archives
Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 18 Jul 2011 11:24:07 +0100
On Wed, Jul 13, 2011 at 01:37:25AM +0100, Djalal Harouni wrote:
Hi list,

Attached is a script that will check for a format string vulnerability in the Exim SMTP server with DKIM [1] support; versions between 4.70 and 4.75 are affected. The DKIM logging mechanism did not use format string specifiers when logging the DKIM-Signature header field. A remote attacker who is able to send emails can exploit this vulnerability and execute arbitrary code in the context of the Exim daemon (CVE-2011-1764) [2].

The script will cause the Exim child to segfault due to an invalid memory reference, and perhaps with more debugging someone can achieve arbitrary code execution.
I've committed this script as svn r24939.

-- 
tixxdz
http://opendz.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
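The defect class the quoted announcement describes, untrusted header text handed to a printf-style logger as the format string rather than as a "%s" argument, is small enough to show side by side. The following is an added illustration written for this archive page; it is not Exim's code and not the NSE script, and the names log_write, log_dkim_header_unsafe, log_dkim_header_safe and count_format_directives are assumed for the example. The sample DKIM-Signature headers are constructed, not captured traffic.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a logging routine that takes a printf-style
 * format (added illustration; this is not Exim's log_write). */
static void log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape: the untrusted DKIM-Signature header is used as the
 * format string itself, so any '%' directive it carries is interpreted
 * by vsnprintf. That is undefined behaviour, which is what produces the
 * child crash described above. This function is only ever called here
 * with a header that contains no directives. */
void log_dkim_header_unsafe(char *out, size_t n, const char *sig_header)
{
    log_write(out, n, sig_header);
}

/* Fixed shape: a literal format string with the header passed as the
 * "%s" argument, so '%' sequences in the header are copied verbatim. */
void log_dkim_header_safe(char *out, size_t n, const char *sig_header)
{
    log_write(out, n, "DKIM: signature header = %s", sig_header);
}

/* Audit helper: count printf conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. A non-zero result
 * for a header that reaches a logger as its format string is the bug. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[256];
    /* Constructed sample headers, not real messages. */
    const char *benign  = "v=1; a=rsa-sha256; d=example.org; s=sel";
    const char *hostile = "v=1; a=rsa-sha256; d=%x%x";

    log_dkim_header_unsafe(buf, sizeof buf, benign);
    printf("unsafe logger, directive-free header: %s\n", buf);

    log_dkim_header_safe(buf, sizeof buf, hostile);
    printf("safe logger, header with directives: %s\n", buf);

    printf("directives in hostile header: %d\n",
           count_format_directives(hostile));
    return 0;
}
```

The safe variant reproduces the "%x%x" text literally instead of interpreting it. In a real code base the same mistake is caught at build time by declaring the logger with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and compiling with `-Wformat -Wformat-security`, which warns on any call whose format argument is not a string literal.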
