製品・ソフトウェアに関する情報

JVN脆弱性詳細

Exim の string_format 関数にバッファオーバーフローの脆弱性

Title	Exim の string_format 関数にバッファオーバーフローの脆弱性
Summary	Exim の string_format 関数には、バッファオーバーフローの脆弱性が存在します。 Exim は、Cambridge 大学で開発された Unix システム向けのメール転送エージェントです。Exim の string_format 関数には、バッファオーバーフローの脆弱性が存在します。攻撃者は、メッセージヘッダを細工することで本脆弱性を使用した攻撃が可能になります。なお、本脆弱性を使用した攻撃活動が確認されています。
Possible impacts	遠隔の第三者によって、Exim の実行権限で任意のコードを実行される可能性があります。
Solution	[アップデートする] この問題は、使用している OS のベンダや配布元が提供する修正済みのバージョンに更新することで解決します。詳細については、ベンダや配布元が提供する情報を参照してください。
Publication Date	Dec. 14, 2010, midnight
Registration Date	Jan. 6, 2011, 3:58 p.m.
Last Update	Jan. 6, 2011, 3:58 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.7 (as)

Red Hat Enterprise Linux 4.7 (es)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

Red Hat Enterprise Linux EUS 5.4.z (server)

Red Hat Enterprise Linux Long Life (v. 5.3 server)

Exim Development

Exim 4.70 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4344	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344
Exim
2	CVE-2010-4344	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
National Vulnerability Database (NVD)
3	CVE-2010-4344	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4344

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Exim
1	Buffer overrun fix. fixes: bug#787	http://git.exim.org/exim.git/commitdiff/24c929a2
2	Top Page	http://www.exim.org
Red Hat Security Advisory
3	RHSA-2010:0970	https://rhn.redhat.com/errata/RHSA-2010-0970.html

その他

No	Name	URL
JVN
1	JVNVU#682457	http://jvn.jp/cert/JVNVU682457
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
2	69685	http://osvdb.org/69685
Secunia Advisory
3	SA40019	http://secunia.com/advisories/40019
4	SA42586	http://secunia.com/advisories/42586
SecurityFocus
5	45308	http://www.securityfocus.com/bid/45308
SecurityTracker
6	1024858	http://www.securitytracker.com/id?1024858
US-CERT Vulnerability Note
7	VU#682457	http://www.kb.cert.org/vuls/id/682457
VUPEN Security
8	VUPEN/ADV-2010-3171	http://www.vupen.com/english/advisories/2010/3171
9	VUPEN/ADV-2010-3181	http://www.vupen.com/english/advisories/2010/3181

Change Log

No	Changed Details	Date of change
0	[2011年01月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4344

Summary	Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Publication Date	Dec. 15, 2010, 1 a.m.
Registration Date	Jan. 29, 2021, 11:08 a.m.
Last Update	Nov. 21, 2024, 10:20 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:exim:exim::::::::					4.70

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:opensuse:opensuse:11.2:::::::*
cpe:2.3:o:opensuse:opensuse:11.3:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:5.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Related information, measures and tools

No	URL	タグ
1	ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70	Broken Link
2	ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70	Broken Link
3	http://atmail.com/blog/2010/atmail-6204-now-available/	Broken Link
4	http://atmail.com/blog/2010/atmail-6204-now-available/	Broken Link
5	http://bugs.exim.org/show_bug.cgi?id=787	Issue Tracking Patch
6	http://bugs.exim.org/show_bug.cgi?id=787	Issue Tracking Patch
7	http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b	Mailing List Patch
8	http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b	Mailing List Patch
9	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	Mailing List Patch
10	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	Mailing List Patch
11	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	Mailing List Third Party Advisory
13	http://openwall.com/lists/oss-security/2010/12/10/1	Mailing List Third Party Advisory
14	http://openwall.com/lists/oss-security/2010/12/10/1	Mailing List Third Party Advisory
15	http://secunia.com/advisories/40019	Broken Link Vendor Advisory
16	http://secunia.com/advisories/40019	Broken Link Vendor Advisory
17	http://secunia.com/advisories/42576	Broken Link Vendor Advisory
18	http://secunia.com/advisories/42576	Broken Link Vendor Advisory
19	http://secunia.com/advisories/42586	Broken Link Vendor Advisory
20	http://secunia.com/advisories/42586	Broken Link Vendor Advisory
21	http://secunia.com/advisories/42587	Broken Link Vendor Advisory
22	http://secunia.com/advisories/42587	Broken Link Vendor Advisory
23	http://secunia.com/advisories/42589	Broken Link Vendor Advisory
24	http://secunia.com/advisories/42589	Broken Link Vendor Advisory
25	http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html	Broken Link
26	http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html	Broken Link
27	http://www.debian.org/security/2010/dsa-2131	Mailing List Third Party Advisory
28	http://www.debian.org/security/2010/dsa-2131	Mailing List Third Party Advisory
29	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	Exploit Mailing List
30	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	Exploit Mailing List
31	http://www.kb.cert.org/vuls/id/682457	Third Party Advisory US Government Resource
32	http://www.kb.cert.org/vuls/id/682457	Third Party Advisory US Government Resource
33	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	Third Party Advisory
34	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	Third Party Advisory
35	http://www.openwall.com/lists/oss-security/2021/05/04/7	Exploit Mailing List
36	http://www.openwall.com/lists/oss-security/2021/05/04/7	Exploit Mailing List
37	http://www.osvdb.org/69685	Broken Link Exploit Patch
38	http://www.osvdb.org/69685	Broken Link Exploit Patch
39	http://www.redhat.com/support/errata/RHSA-2010-0970.html	Broken Link
40	http://www.redhat.com/support/errata/RHSA-2010-0970.html	Broken Link
41	http://www.securityfocus.com/archive/1/515172/100/0/threaded	Broken Link Third Party Advisory VDB Entry
42	http://www.securityfocus.com/archive/1/515172/100/0/threaded	Broken Link Third Party Advisory VDB Entry
43	http://www.securityfocus.com/bid/45308	Broken Link Third Party Advisory VDB Entry
44	http://www.securityfocus.com/bid/45308	Broken Link Third Party Advisory VDB Entry
45	http://www.securitytracker.com/id?1024858	Broken Link Third Party Advisory VDB Entry
46	http://www.securitytracker.com/id?1024858	Broken Link Third Party Advisory VDB Entry
47	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	Press/Media Coverage
48	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	Press/Media Coverage
49	http://www.ubuntu.com/usn/USN-1032-1	Third Party Advisory
50	http://www.ubuntu.com/usn/USN-1032-1	Third Party Advisory
51	http://www.vupen.com/english/advisories/2010/3171	Broken Link Vendor Advisory
52	http://www.vupen.com/english/advisories/2010/3171	Broken Link Vendor Advisory
53	http://www.vupen.com/english/advisories/2010/3172	Broken Link Vendor Advisory
54	http://www.vupen.com/english/advisories/2010/3172	Broken Link Vendor Advisory
55	http://www.vupen.com/english/advisories/2010/3181	Broken Link Vendor Advisory
56	http://www.vupen.com/english/advisories/2010/3181	Broken Link Vendor Advisory
57	http://www.vupen.com/english/advisories/2010/3186	Broken Link Vendor Advisory
58	http://www.vupen.com/english/advisories/2010/3186	Broken Link Vendor Advisory
59	http://www.vupen.com/english/advisories/2010/3204	Broken Link Vendor Advisory
60	http://www.vupen.com/english/advisories/2010/3204	Broken Link Vendor Advisory
61	http://www.vupen.com/english/advisories/2010/3246	Broken Link Vendor Advisory
62	http://www.vupen.com/english/advisories/2010/3246	Broken Link Vendor Advisory
63	http://www.vupen.com/english/advisories/2010/3317	Broken Link
64	http://www.vupen.com/english/advisories/2010/3317	Broken Link
65	https://bugzilla.redhat.com/show_bug.cgi?id=661756	Exploit Issue Tracking
66	https://bugzilla.redhat.com/show_bug.cgi?id=661756	Exploit Issue Tracking

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html