CVE-2016-9963
Published: 16 December 2016
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Priority
Status
Package | Release | Status |
---|---|---|
exim4 | precise | Released (4.76-3ubuntu3.4) |
exim4 | trusty | Released (4.82-3ubuntu2.2) |
exim4 | upstream | Released (4.87.1,4.88) |
exim4 | xenial | Released (4.86.2-2ubuntu2.1) |
exim4 | yakkety | Released (4.87-3ubuntu1.1) |
Patches:
upstream: https://github.com/Exim/exim/commit/87cb4a166c47b57df48c2918e47801d77639fbb0
upstream: https://github.com/Exim/exim/commit/46672dc8be913fb02f0aa822d79c590fac276182
upstream: https://github.com/Exim/exim/commit/fd3961f062107c5c64016cff0331fd2cf1181cdd
upstream: https://github.com/Exim/exim/commit/be2b8e517f4946d2ad0cb0100e7b078cb4d9b65f
upstream: https://github.com/Exim/exim/commit/31c02defdc5118834e801d4fe8f11c1d9b5ebadf
upstream: https://github.com/Exim/exim/commit/f915863397aa037a437155da67424d094821a23b
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |