Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
BID:23977
Info
| Bugtraq ID: | 23977 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 14 2007 12:00AM |
| Updated: | May 14 2007 10:48PM |
| Credit: | [email protected] is credited with discovering this issue. |
| Vulnerable: | University of Cambridge Exim 4.66 |
| Not Vulnerable: | |
Discussion
Exim is prone to a remote buffer-overflow vulnerability when used in conjunction with remote SpamAssassin servers. This issue occurs because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
Exim 4.66 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].