Vulnerabilities > CVE-2002-1381 - Unspecified vulnerability in University of Cambridge Exim 3.35/3.36/4.10
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | Exim Internet Mailer 3.35/3.36/4.10 Format String Vulnerability. CVE-2002-1381. Local exploit for linux platform |
| id | EDB-ID:22066 |
| last seen | 2016-02-02 |
| modified | 2002-12-04 |
| published | 2002-12-04 |
| reporter | Thomas Wana |
| source | https://www.exploit-db.com/download/22066/ |
| title | Exim Internet Mailer 3.35/3.36/4.10 Format String Vulnerability |
References
- http://groups.yahoo.com/group/exim-users/message/42358
- http://marc.info/?l=bugtraq&m=103903403527788&w=2
- http://marc.info/?l=bugtraq&m=104006219018664&w=2
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
- http://www.securityfocus.com/bid/6314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10761