Exim vulnerable to buffer overflow via the dns_build_reverse() routine

Overview

The Exim Mail Transfer Agent (MTA) contains a buffer overflow that allows a local attacker to execute arbitrary code.

Description

Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer overflow to occur in Exim. If a local attacker supplies the Exim with a specially crafted command line options, that attacker may be able to cause a buffer overflow in the dns_build_reverse()routine.

According to public reports, this vulnerability exists in Exim versions prior to 4.44.

---

Impact

A local attacker may be able to execute arbitrary code with elevated (root) privileges.

---

Solution

Upgrade

This issue has been addressed in Exim version 4.4.

---

Vendor Information

132992

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Conectiva __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Debian __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Debian advisories for this vulnerability can be found at:

<http://www.nl.debian.org/security/2005/dsa-635&gt;
and
<http://www.debian.org/security/2005/dsa-637&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Engarde __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Gentoo __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Gentoo advisory for this vulnerability can be found at:

<http://www.gentoo.org/security/en/glsa/glsa-200501-23.xml&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Hewlett-Packard Company __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

IBM __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Immunix __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Ingrian Networks __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

MandrakeSoft __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

MontaVista Software __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

OpenBSD __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

Red Hat Inc. __ Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

University of Cambridge __ Unknown

Updated: January 27, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23132992 Feedback>).

View all 13 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• http://www.idefense.com/application/poi/display?id=183&type=vulnerabilit&flashstatus=false
• <http://www.securitytracker.com/alerts/2005/Jan/1012904.html&gt;
• <http://secunia.com/advisories/13713/&gt;
• <http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html&gt;

Acknowledgements

This vulnerability was reported by iDEFENSE Inc.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	CVE-2005-0021
Severity Metric:	2.76 Date Public: