CVSS3 : 9.8 High
  Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED
  Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2 : 7.5 High
  Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE
  Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS : 0.851 High (percentile 98.5%)
Severity: Critical
Date : 2017-11-30
CVE-ID : CVE-2017-1000369 CVE-2017-10140 CVE-2017-16943 CVE-2017-16944
Package : exim
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-518
The package exim before version 4.89.1-1 is vulnerable to multiple
issues including arbitrary code execution, denial of service and
information disclosure.
Resolution : Upgrade to 4.89.1-1. The problems have been fixed upstream in version 4.89.1.
Workaround : None.

CVE-2017-1000369: An uncontrolled resource consumption flaw has been
discovered in Exim before 4.89.1. The use of multiple "-p" command line
arguments which are malloc()'ed and never free()'ed results in leaking
memory. While Exim itself is not vulnerable to privilege escalation,
this particular flaw can be used by the stackguard vulnerability to
achieve privilege escalation.

CVE-2017-10140: It was found that Berkeley DB reads the DB_CONFIG
configuration file from the current working directory by default. This
happens when calling db_create() with dbenv=NULL, or when using the
dbm_open() function. This behavior leads to a security vulnerability
because in the case of setuid or setgid commands, excerpts of the file
are revealed to the calling user (and maybe more harm could be done
with specially crafted DB_CONFIG files).

CVE-2017-16943: The receive_msg function in receive.c in the SMTP
daemon in Exim 4.88 and 4.89 allows remote attackers to execute
arbitrary code or cause a denial of service (use-after-free) via
vectors involving BDAT commands.

CVE-2017-16944: The receive_msg function in receive.c in the SMTP
daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial
of service (infinite loop and stack exhaustion) via vectors involving
BDAT commands and an improper check for a '.' character signifying the
end of the content, related to the bdat_getc function.

A remote attacker is able to crash the application or execute arbitrary
code on the affected host. A local attacker is able to bypass access
restrictions to obtain sensitive data from local files or bypass the
stack guard to elevate privileges on the system.
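
To check a package inventory against this advisory, the following added example (not part of the advisory or of Arch tooling) classifies `pacman -Q` output lines against the fixed version 4.89.1-1 and flags the upstream releases named for the BDAT issues. The inventory lines and host names are constructed, and the version ordering is a simplified stand-in for pacman's `vercmp` that is adequate for Exim's numeric versions.

```python
import re

FIXED = "4.89.1-1"                # first fixed package version per the advisory
BDAT_UPSTREAM = {"4.88", "4.89"}  # upstream releases the advisory names for the BDAT bugs

def split_version(version):
    """Split an Arch version string [epoch:]pkgver[-pkgrel] into its parts."""
    epoch, _, rest = version.rpartition(":")
    pkgver, _, pkgrel = rest.partition("-")
    return int(epoch or 0), pkgver, pkgrel or "0"

def _segments(text):
    # Numeric runs compare as integers and rank above alphabetic runs.
    return [(1, int(s), "") if s.isdigit() else (0, 0, s)
            for s in re.findall(r"\d+|[A-Za-z]+", text)]

def sort_key(version):
    """Simplified stand-in for pacman's vercmp ordering (an assumption of this example)."""
    epoch, pkgver, pkgrel = split_version(version)
    return (epoch, _segments(pkgver), _segments(pkgrel))

def triage(line):
    """Classify one `pacman -Q` line ("name version"); None if it is not exim."""
    fields = line.split()
    if len(fields) != 2 or fields[0] != "exim":
        return None
    version = fields[1]
    affected = sort_key(version) < sort_key(FIXED)
    return {
        "version": version,
        "affected": affected,
        # CVE-2017-16943 and CVE-2017-16944 are described for Exim 4.88 and 4.89.
        "bdat_issues": affected and split_version(version)[1] in BDAT_UPSTREAM,
    }

# Constructed inventory: host name -> output of `pacman -Q exim` on that host.
INVENTORY = {
    "mx1": "exim 4.89-3",
    "mx2": "exim 4.87-2",
    "mx3": "exim 4.89.1-1",
    "mx4": "exim 4.90-1",
}

def affected_hosts(inventory):
    """Return {host: triage result} for hosts still below the fixed version."""
    results = {host: triage(line) for host, line in inventory.items()}
    return {h: r for h, r in results.items() if r and r["affected"]}

if __name__ == "__main__":
    for host, result in sorted(affected_hosts(INVENTORY).items()):
        print(host, result)
```

On an Arch host itself, `vercmp` from pacman gives the authoritative comparison.
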
https://bugs.archlinux.org/task/56478
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.exim.org/exim.git/commitdiff/65e061b76867a9ea7aeeb535341b790b90ae6c21
https://access.redhat.com/security/vulnerabilities/stackguard
http://seclists.org/oss-sec/2017/q2/452
http://www.postfix.org/announcements/postfix-3.2.2.html
https://git.exim.org/exim.git/commitdiff/98bf975ca462bebeaa1325d72381847c5118ff14
http://openwall.com/lists/oss-security/2017/11/25/2
https://bugs.exim.org/show_bug.cgi?id=2199
https://git.exim.org/exim.git/commitdiff/4090d62a4b25782129cc1643596dc2f6e8f63bde
https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
https://bugs.exim.org/show_bug.cgi?id=2201
https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542
https://www.exploit-db.com/exploits/43184/
https://security.archlinux.org/CVE-2017-1000369
https://security.archlinux.org/CVE-2017-10140
https://security.archlinux.org/CVE-2017-16943
https://security.archlinux.org/CVE-2017-16944