Exim string_format Buffer Overflow Exploit

The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. This module exploits the vulnerability to install an agent. Additionally, this module also attempts to exploit the Alternate Configuration Privilege Escalation Vulnerability in Exim (CVE-2010-4345). If the second exploit is successful, the agent is installed with root privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2010-4344
Product Version: 
11.0
Released Date: 
Wednesday, February 2, 2011 - 00:00