VuXML ID | Description |
8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4f | exim -- Privilege escalation via multiple memory leaks
Qualys reports:
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
Discovery 2017-06-19 Entry 2017-06-21 exim
< 4.89_1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
|
68b29058-d348-11e7-b9fe-c13eb7bcbf4f | exim -- remote code execution, denial of service in BDAT
Exim team reports:
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Discovery 2017-11-23 Entry 2017-11-27 exim
>= 4.88, < 4.89_2
https://bugs.exim.org/show_bug.cgi?id=2199
|
75dd622c-d5fd-11e7-b9fe-c13eb7bcbf4f | exim -- remote DoS attack in BDAT processing
Exim developers team reports:
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
Discovery 2017-11-23 Entry 2017-11-30 exim
>= 4.88, < 4.89.1
https://bugs.exim.org/show_bug.cgi?id=2199
CVE-2017-16944
|
316b3c3e-0e98-11e8-8d41-97657151f8c2 | exim -- a buffer overflow vulnerability, remote code execution
Exim developers report:
There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
Discovery 2018-02-05 Entry 2018-02-10 exim
< 4.90.1
https://exim.org/static/doc/security/CVE-2018-6789.txt
|
45bea6b5-8855-11e9-8d41-97657151f8c2 | Exim -- RCE in deliver_message() function
Exim team and Qualys report:
We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.
A patch exists already, is being tested, and backported to all
versions we released since (and including) 4.87.
The severity depends on your configuration. It depends on how close to
the standard configuration your Exim runtime configuration is. The
closer the better.
Exim 4.92 is not vulnerable.
Discovery 2019-05-27 Entry 2019-06-06 exim
>= 4.87, < 4.92
CVE-2019-10149
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
|
3e0da406-aece-11e9-8d41-97657151f8c2 | Exim -- RCE in ${sort} expansion
Exim team report:
A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.
If your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }.
The vulnerability is exploitable either remotely or locally and could
be used to execute other programs with root privilege. The ${sort }
expansion re-evaluates its items.
Exim 4.92.1 is not vulnerable.
Discovery 2019-07-18 Entry 2019-07-25 Modified 2019-07-26 exim
>= 4.85, < 4.92.1
CVE-2019-13917
https://www.exim.org/static/doc/security/CVE-2019-13917.txt
|
61db9b88-d091-11e9-8d41-97657151f8c2 | Exim -- RCE with root privileges in TLS SNI handler
Exim developers report:
If your Exim server accepts TLS connections, it is vulnerable. This does
not depend on the TLS library, so both GnuTLS and OpenSSL are affected.
The vulnerability is exploitable by sending a SNI ending in a
backslash-null sequence during the initial TLS handshake. The exploit
exists as a POC. For more details see the document qualys.mbx
Discovery 2019-09-02 Entry 2019-09-06 exim
< 4.92.2
https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt
|