Lucene search

K
freebsdFreeBSD45BEA6B5-8855-11E9-8D41-97657151F8C2
HistoryMay 27, 2019 - 12:00 a.m.

Exim -- RCE in deliver_message() function

2019-05-2700:00:00
vuxml.freebsd.org
39

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

Exim team and Qualys report:

    We received a report of a possible remote exploit.  Currently there is no evidence of an active use of this exploit.
  

    A patch exists already, is being tested, and backported to all
    versions we released since (and including) 4.87.
  

    The severity depends on your configuration.  It depends on how close to
    the standard configuration your Exim runtime configuration is. The
    closer the better.
  

    Exim 4.92 is not vulnerable.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchexim= 4.87UNKNOWN
FreeBSDanynoarchexim< 4.92UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%