Lucene search

K
archlinuxArchLinuxASA-201802-6
HistoryFeb 12, 2018 - 12:00 a.m.

[ASA-201802-6] exim: arbitrary code execution

2018-02-1200:00:00
security.archlinux.org
18

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%

Arch Linux Security Advisory ASA-201802-6

Severity: High
Date : 2018-02-12
CVE-ID : CVE-2018-6789
Package : exim
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-608

Summary

The package exim before version 4.90.1-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 4.90.1-1.

pacman -Syu β€œexim>=4.90.1-1”

The problem has been fixed upstream in version 4.90.1.

Workaround

None.

Description

An issue was discovered in the base64d function in the SMTP listener in
Exim before 4.90.1. By sending a handcrafted message, a buffer overflow
may happen. This can be used to execute code remotely.

Impact

A remote attacker is able to execute arbitrary code on the affected
host by sending a crafted message.

References

http://exim.org/static/doc/security/CVE-2018-6789.txt
https://marc.info/?l=oss-security&m=151828631632609
https://security.archlinux.org/CVE-2018-6789

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyexim<Β 4.90.1-1UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%