CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
AI Score Confidence | High |
EPSS Percentile | 28.8% |

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure
Vulnerability. This vulnerability allows remote attackers to disclose
sensitive information on affected installations of Exim. Authentication is
not required to exploit this vulnerability. The specific flaw exists within
the handling of NTLM challenge requests. The issue results from the lack of
proper validation of user-supplied data, which can result in a read past
the end of an allocated data structure. An attacker can leverage this
vulnerability to disclose information in the context of the service
account. Was ZDI-CAN-17433.
Author | Note |
---|---|
eslerm | no security patches available, see ZDI’s timeline |
allenpthuang | patches now available, see the thread on Openwall |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | exim4 | < 4.90.1-1ubuntu1.10+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | exim4 | < 4.93-13ubuntu1.8 | UNKNOWN |
ubuntu | 22.04 | noarch | exim4 | < 4.95-4ubuntu2.3 | UNKNOWN |
ubuntu | 23.04 | noarch | exim4 | < 4.96-14ubuntu1.2 | UNKNOWN |
ubuntu | 23.10 | noarch | exim4 | < 4.96-17ubuntu2 | UNKNOWN |
ubuntu | 14.04 | noarch | exim4 | < 4.82-3ubuntu2.4+esm6 | UNKNOWN |
ubuntu | 16.04 | noarch | exim4 | < 4.86.2-2ubuntu2.6+esm4 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-42114
nvd.nist.gov/vuln/detail/CVE-2023-42114
security-tracker.debian.org/tracker/CVE-2023-42114
ubuntu.com/security/notices/USN-6411-1
www.cve.org/CVERecord?id=CVE-2023-42114
www.openwall.com/lists/oss-security/2023/10/02/3
www.zerodayinitiative.com/advisories/ZDI-23-1468/