漏洞信息详情
Exim Pipe Hostname任意命令执行漏洞
- CNNVD编号:CNNVD-200112-113
- 危害等级: 高危
- CVE编号: CVE-2001-0889
- 漏洞类型: 输入验证
- 发布时间: 2001-12-19
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: redhat
- 漏洞来源: via the exim-users and exim-announce mailing lists on December 19, 2001.');">This vulnerability...
漏洞简介
当重定向到管道的地址时,Exim 3.22及其之前版本中的一些配置不能正确的检验地址的本地部分,远程攻击者借助shell元字符执行任意命令。
漏洞公告
Fixed versions available: University of Cambridge Exim 3.11
- University of Cambridge Exim 3.34 http://www.exim.org
- Debian exim_3.12-10.2_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/exim _3.12-10.2_alpha.deb
- Debian exim_3.12-10.2_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3 .12-10.2_arm.deb
- Debian exim_3.12-10.2_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/exim_ 3.12-10.2_i386.deb
- Debian exim_3.12-10.2_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_ 3.12-10.2_m68k.deb
- Debian exim_3.12-10.2_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex im_3.12-10.2_powerpc.deb
- Debian exim_3.12-10.2_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/exim _3.12-10.2_sparc.deb
- Debian eximon_3.12-10.2_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/exim on_3.12-10.2_alpha.deb
- Debian eximon_3.12-10.2_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/eximon _3.12-10.2_arm.deb
- Debian eximon_3.12-10.2_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/eximo n_3.12-10.2_i386.deb
- Debian eximon_3.12-10.2_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/eximo n_3.12-10.2_m68k.deb
- Debian eximon_3.12-10.2_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex imon_3.12-10.2_powerpc.deb
- Debian eximon_3.12-10.2_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/exim on_3.12-10.2_sparc.deb
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
- University of Cambridge Exim 3.34 http://www.exim.org
参考网址
来源:US-CERT Vulnerability Note: VU#283723 名称: VU#283723 链接:http://www.kb.cert.org/vuls/id/283723 来源: REDHAT 名称: RHSA-2001:176 链接:http://www.redhat.com/support/errata/RHSA-2001-176.HTML 来源: BUGTRAQ 名称: 20011219 [[email protected]: [Exim] Potential security problem] 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2 来源: XF 名称: exim-pipe-hostname-commands(7738) 链接:http://xforce.iss.net/xforce/xfdb/7738 来源: BID 名称: 3728 链接:http://www.securityfocus.com/bid/3728 来源: DEBIAN 名称: DSA-097 链接:http://www.debian.org/security/2002/dsa-097
受影响实体
- Redhat Linux
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论