Lucene search
+L

69 matches found

Ubuntu
Ubuntu
added 2017/11/29 5:53 p.m.58 views

USN-3499-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service...

7.5CVSS8.3AI score0.6332EPSS
Exploits7
seebug.org
seebug.org
added 2017/11/29 12:0 a.m.90 views

Exim 4.89 - 'BDAT' Denial of Service(CVE-2017-16944)

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free UAF vulnerability, which leads to Remote Code Execution RCE; and CVE-2017-16944 for a Denial-of-Service D...

7.5CVSS8.4AI score0.6332EPSS
Exploits9
Check Point Advisories
Check Point Advisories
added 2017/11/29 12:0 a.m.8 views

Exim MTA BDAT Denial Of Service (CVE-2017-16944)

A denial of service vulnerability exists in Exim message transfer agent. The vulnerability is due to improper pointer resetting. A remote attacker can exploit this vulnerability by crafting a sequence of BDAT commands. Successful exploitation can lead to program crash on the effected system...

5CVSS3.5AI score0.6332EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2017/11/28 12:0 a.m.14 views

Exim MTA BDAT Remote Code Execution (CVE-2017-16943)

A remote code execution vulnerability exists in Exim message transfer agent. The vulnerability is due to improper pointer resetting. A remote attacker can exploit this vulnerability by crafting a sequence of BDAT commands. Successful exploitation can lead to arbitrary code execution on the effect...

7.5CVSS4.4AI score0.46705EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2017/11/27 9:19 a.m.70 views

CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS5.6AI score0.6332EPSS
Exploits7References1
Packet Storm
Packet Storm
added 2017/11/27 12:0 a.m.76 views

Exim 4.89 Denial Of Service

While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.cL1867 Exim goes into an incorrect state after this message is sent because the function pointer receivegetc is not reset. If the following command is...

7.1AI score0.6332EPSS
Exploits7
exploitpack
exploitpack
added 2017/11/27 12:0 a.m.25 views

Exim 4.89 - BDAT Denial of Service

Exim 4.89 - BDAT Denial of Service While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.cL1867 Exim goes into an incorrect state after this message is sent because the function pointer receivegetc is not...

7.3AI score
Exploits0
0day.today
0day.today
added 2017/11/27 12:0 a.m.125 views

Exim 4.89 - BDAT Denial of Service Exploit

Exploit for multiple platform in category dos / poc While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.cL1867 Exim goes into an incorrect state after this message is sent because the function pointer...

5CVSS8.8AI score0.6332EPSS
Exploits7
UbuntuCve
UbuntuCve
added 2017/11/27 12:0 a.m.32 views

CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS7.3AI score0.6332EPSS
Exploits7References2
UbuntuCve
UbuntuCve
added 2017/11/27 12:0 a.m.36 views

CVE-2017-16943

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

9.8CVSS7.7AI score0.46705EPSS
Exploits6References3
Exploit DB
Exploit DB
added 2017/11/27 12:0 a.m.136 views

Exim 4.89 - 'BDAT' Denial of Service

While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.cL1867 Exim goes into an incorrect state after this message is sent because the function pointer receivegetc is not reset. If the following command is...

7.4AI score
Exploits0
OSV
OSV
added 2017/11/27 12:0 a.m.4 views

UBUNTU-CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS7.4AI score0.6332EPSS
Exploits7References3
OSV
OSV
added 2017/11/27 12:0 a.m.5 views

UBUNTU-CVE-2017-16943

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

9.8CVSS7.8AI score0.46705EPSS
Exploits6References4
OpenVAS
OpenVAS
added 2017/11/27 12:0 a.m.59 views

Exim Multiple RCE Vulnerabilities

Exim is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; ...

9.8CVSS9.2AI score0.6332EPSS
Exploits9References3
NVD
NVD
added 2017/11/25 5:29 p.m.21 views

CVE-2017-16943

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

9.8CVSS9.7AI score0.46705EPSS
Exploits6References11
Prion
Prion
added 2017/11/25 5:29 p.m.28 views

Design/Logic Flaw

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

7.5CVSS9.6AI score0.6332EPSS
Exploits9References11Affected Software2
NVD
NVD
added 2017/11/25 5:29 p.m.20 views

CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS7.5AI score0.6332EPSS
Exploits7References9
OSV
OSV
added 2017/11/25 5:29 p.m.29 views

CVE-2017-16943

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

9.8CVSS8.3AI score0.6332EPSS
Exploits7References11
OSV
OSV
added 2017/11/25 5:29 p.m.28 views

CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS9.2AI score
Exploits0References9
OSV
OSV
added 2017/11/25 5:29 p.m.5 views

DEBIAN-CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS8.4AI score0.6332EPSS
Exploits7References1
Rows per page
Query Builder