Exim Pipe Hostname任意命令执行漏洞

漏洞信息详情

Exim Pipe Hostname任意命令执行漏洞

• CNNVD编号：CNNVD-200112-113
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0889
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-12-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  redhat
• 漏洞来源：
  This vulnerability…

当重定向到管道的地址时，Exim 3.22及其之前版本中的一些配置不能正确的检验地址的本地部分，远程攻击者借助shell元字符执行任意命令。

Fixed versions available:
University of Cambridge Exim 3.11

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.12

• Debian exim_3.12-10.2_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/exim
  _3.12-10.2_alpha.deb
• Debian exim_3.12-10.2_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3
  .12-10.2_arm.deb
• Debian exim_3.12-10.2_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/exim_
  3.12-10.2_i386.deb
• Debian exim_3.12-10.2_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_
  3.12-10.2_m68k.deb
• Debian exim_3.12-10.2_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex
  im_3.12-10.2_powerpc.deb
• Debian exim_3.12-10.2_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/exim
  _3.12-10.2_sparc.deb
• Debian eximon_3.12-10.2_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/exim
  on_3.12-10.2_alpha.deb
• Debian eximon_3.12-10.2_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/eximon
  _3.12-10.2_arm.deb
• Debian eximon_3.12-10.2_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/eximo
  n_3.12-10.2_i386.deb
• Debian eximon_3.12-10.2_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/eximo
  n_3.12-10.2_m68k.deb
• Debian eximon_3.12-10.2_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex
  imon_3.12-10.2_powerpc.deb
• Debian eximon_3.12-10.2_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/exim
  on_3.12-10.2_sparc.deb
• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.13

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.14

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.15

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.16

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.17

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.18

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.19

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.20

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.21

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.22

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.30

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.31

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.32

• University of Cambridge Exim 3.34
  
  http://www.exim.org

University of Cambridge Exim 3.33

• University of Cambridge Exim 3.34
  
  http://www.exim.org

来源:US-CERT Vulnerability Note: VU#283723
名称: VU#283723
链接:http://www.kb.cert.org/vuls/id/283723

来源: REDHAT
名称: RHSA-2001:176
链接:http://www.redhat.com/support/errata/RHSA-2001-176.html

来源: BUGTRAQ
名称: 20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2

来源: XF
名称: exim-pipe-hostname-commands(7738)
链接:http://xforce.iss.net/xforce/xfdb/7738

来源: BID
名称: 3728
链接:http://www.securityfocus.com/bid/3728

来源: DEBIAN
名称: DSA-097
链接:http://www.debian.org/security/2002/dsa-097