Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
exim -- two buffer overflow vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Insight
Insight
The following packages are affected: exim exim-ldap exim-ldap2 exim-mysql exim-postgresql exim-sa-exim CVE-2005-0021 Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. CVE-2005-0022 Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Solution
Solution
Update your system with the appropriate patches or software upgrades. http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html http://marc.theaimsgroup.com/?l=bugtraq&m=110573573800377 http://www.vuxml.org/freebsd/ca9ce879-5ebb-11d9-a01c-0050569f0001.html