Lucene search

K
redosRedosROS-20240404-17
HistoryApr 04, 2024 - 12:00 a.m.

ROS-20240404-17

2024-04-0400:00:00
redos.red-soft.ru
7
exim
mail server
smtp
vulnerability
buffer boundaries
memory
remote attacker
arbitrary code
libspf2
integer overflow
dns query
ntlm
unauthorized access
request processing

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

32.5%

Vulnerability in the SMTP protocol implementation of Exim mail server is related to operation out of buffer boundaries
in memory during request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely to execute arbitrary code

Vulnerability of smtp service of Exim mail server is related to the possibility of writing outside the buffer boundaries in memory.
memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting the
arbitrary code by injecting the AUTH command

The Exim smtp mail server smtp service vulnerability is related to an operation exceeding the buffer boundaries in memory as a result of incorrect processing of special commands.
as a result of incorrect processing of special elements. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary code

Vulnerability in libspf2 library of Exim mail server is related to integer overflow as a result of using SPF macros.
SPF macros. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code

Exim smtp mail server smtp service vulnerability is related to operation out of buffer boundaries in memory when implementing a dns query style search type.
dnsdb query style search type implementation. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information

Vulnerability of NTLM (New Technology LAN Manager) protocol implementation in Exim mail server is related to
operation exceeding buffer boundaries in memory during request processing. Exploitation of the vulnerability could
allow a remote intruder to gain unauthorized access to protected information

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64exim<= 4.96-4UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

32.5%