Lucene search

K
saintSAINT CorporationSAINT:A9B0B05DC77287BBA5CCE7B14B30EB70
HistoryMay 16, 2018 - 12:00 a.m.

Exim SMTP listener base64d function one-character buffer overflow

2018-05-1600:00:00
SAINT Corporation
my.saintcorporation.com
597

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%

Added: 05/16/2018
CVE: CVE-2018-6789
BID: 103049

Background

Exim is a mail transfer agent used on Unix-like operating systems.

Problem

Exim 5.90 and earlier are vulnerable to a one-character buffer overflow in the **base64d()** function in the SMTP listener.

Resolution

Upgrade to Exim 4.90.1 or higher, apply the update from your system vendor, or apply the patch supplied by Exim.

References

<https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/&gt;
<https://exim.org/static/doc/security/CVE-2018-6789.txt&gt;
<https://bugzilla.redhat.com/show_bug.cgi?id=1543268&gt;
<https://bugzilla.novell.com/show_bug.cgi?id=1079832&gt;

Limitations

Exploit works on Exim 4.89 and 4.88 on Debian stretch and Ubuntu zesty.

The target Exim configuration must have an authenticator using base64 enabled. CRAM-MD5 authenticator uses base64 and is enabled by default.

Platforms

Linux

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%