Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200501-23
HistoryJan 12, 2005 - 12:00 a.m.

Exim: Two buffer overflows

2005-01-1200:00:00
Gentoo Foundation
security.gentoo.org
10

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

55.8%

JSON

Background

Exim is an highly configurable message transfer agent (MTA) developed at the University of Cambridge.

Description

Buffer overflows have been found in the host_aton() function (CAN-2005-0021) as well as in the spa_base64_to_bits() function (CAN-2005-0022), which is part of the SPA authentication code.

Impact

A local attacker could trigger the buffer overflow in host_aton() by supplying an illegal IPv6 address with more than 8 components, using a command line option. The second vulnerability could be remotely exploited during SPA authentication, if it is enabled on the server. Both buffer overflows can potentially lead to the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Exim users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.43-r2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/exim< 4.43-r2UNKNOWN

Related

openvas 9
nessus 9
ubuntu 1
redhat 1
freebsd 1
securityvulns 2
cve 2
cert 1
ubuntucve 2
checkpoint_advisories 1
debiancve 2
debian 4
openvas
openvas
exim -- two buffer overflow vulnerabilities
2008-09-04 00:00:00
exim -- two buffer overflow vulnerabilities
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200501-23 (exim)
2008-09-24 00:00:00
nessus
nessus
RHEL 4 : exim (RHSA-2005:025)
2005-02-22 00:00:00
Fedora Core 2 : exim-4.43-1.FC2.1 (2005-001)
2005-01-07 00:00:00
Fedora Core 3 : exim-4.43-1.FC3.1 (2005-002)
2012-09-24 00:00:00
ubuntu
ubuntu
exim4 vulnerabilities
2005-01-07 00:00:00
redhat
redhat
(RHSA-2005:025) exim security update
2005-02-15 00:00:00
freebsd
freebsd
exim -- two buffer overflow vulnerabilities
2005-01-05 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory [IDEF0725] Exim host_aton&#40;&#41; Buffer Overflow Vulnerability
2005-01-08 00:00:00
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server&#40;&#41; Buffer Overflow Vulnerability
2005-01-08 00:00:00
cve
cve
CVE-2005-0022
2005-05-02 04:00:00
CVE-2005-0021
2005-05-02 04:00:00
cert
cert
Exim vulnerable to buffer overflow via the dns_build_reverse() routine
2005-01-27 00:00:00
ubuntucve
ubuntucve
CVE-2005-0021
2005-05-02 00:00:00
CVE-2005-0022
2005-05-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Exim SPA Authentication Buffer Overflow (CVE-2005-0022)
2009-11-10 00:00:00
debiancve
debiancve
CVE-2005-0022
2005-05-02 04:00:00
CVE-2005-0021
2005-05-02 04:00:00
debian
debian
[SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
2005-01-12 07:47:42
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
2005-01-13 07:27:57
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
2005-01-13 07:27:57

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

55.8%

JSON
Related for GLSA-200501-23
openvas9nessus9ubuntu1redhat1freebsd1securityvulns2cve2cert1ubuntucve2checkpoint_advisories1debiancve2debian4