CVE-2014-2957
Priority
Negligible
Description
The dmarc_process function in dmarc.c in Exim before 4.82.1, when
EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary
code via the From header in an email, which is passed to the expand_string
function.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957
https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
http://www.openwall.com/lists/oss-security/2014/05/28
Notes
jdstrand> EXPERIMENTAL_DMARC not enabled, ignoring
Package
Source: exim4 (LP, Ubuntu, Debian)
Upstream: released (4.82.1-1)
Ubuntu 14.04 LTS (Trusty Tahr): ignored
More Information
Mitre
NVD
Launchpad
Debian
Updated: 2017-12-14 20:03:11 UTC (commit 13907)