Exim
CVE-2014-2972
MEDIUM
Severity by source
AV:L/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
AnalysisAI
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-189. expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Affected products include: Exim. Version information: before 4.83.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitr
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Rat
Exim mail server version 4.98 before 4.98.1 contains a remote SQL injection vulnerability when SQLite hints and ETRN ser
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Rated critical severity (CVSS 9.8), this vulnerability is re
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM suppor
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. Rated critical sev
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. Rated critical severity (CVS
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attacke
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_mall
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass
Same weakness CWE-189 – Numeric Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today