Family: Debian Local Security Checks --> Category: infos
[DSA058] DSA-058-1 exim Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Megyer Laszlo found a printf format bug in the exim mail transfer
agent. The code that checks the header syntax of an email logs
an error without protecting itself against printf format attacks.
It's only exploitable locally with the -bS switch
(in batched SMTP mode).
This problem has been fixed in version 3.12-10.1. Since that code is
not turned on by default, a standard installation is not vulnerable,
but we still recommend upgrading your exim package.
Solution: http://www.debian.org/security/2001/dsa-058
Threat Level: High