{"vuid":"VU#283723","idnumber":"283723","name":"Exim does not adequately validate user input thereby allowing execution of arbitrary commands","keywords":["Exim","user input","local part of address","pipe command","receiver_verify","no_verify"],"overview":"Under certain configurations, Exim may execute commands embedded in a mail message's From address.","clean_desc":"Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through a pipe transport, such as a virus scanner. If Exim does this without first checking the local part of the \"To:\" address for characters such as \"|\" (vertical bar), then an attacker can craft a message that would cause Exim to execute arbitrary commands.","impact":"Remote attackers can run arbitrary commands with privileges of the Exim process.","resolution":"Upgrade to Exim 3.36 or Exim 4.10, available from: http://www.exim.org","workarounds":"","sysaffected":"","thanks":"Thanks to Patrice Fournier for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://www.exim.org/mailman/listinfo/exim-users","http://www.securityfocus.com/bid/3728"],"cveids":["CVE-2001-0889"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-12-19T17:51:40Z","publicdate":"2001-12-19T00:00:00Z","datefirstpublished":"2002-09-24T16:13:04Z","dateupdated":"2002-09-24T16:13:11Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"4","cam_impact":"14","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"5.985","cam_scorecurrentwidelyknown":"7.56","cam_scorecurrentwidelyknownexploited":"13.86","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.985,"vulnote":null}