Upstream information
Description
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2011:010, published Tue, 31 May 2011 08:00:00 +0000
- SUSE-SU-2011:0608-1, published openSUSE-SU-2011:0535-1 openSUSE-SU-2014:0983-1
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10017 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 07:59:31 2013CVE page last modified: Sat Jun 15 21:24:04 2024