Korean

<< Back VID 18062 Severity 40 Port 25 Protocol TCP Class SMTP Detailed Description The Exim SMTP server, according to its version number, is vulnerable to multiple buffer overflows. Exim, developed by the University of Cambridge, is an open-source Mail Transfer Agent for various Unix platforms. Exim versions 3.35 and 4.32 are vulnerable to multiple stack-based buffer overflows. If either 'headers_check_syntax' or 'sender_verify = true' setting is enabled in the exim.conf configuration file, a remote attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable system. These vulnerable functionalities are not enabled in the default install, but some Linux/Unix distributions that ship the software may enable it. * Note: This check solely relied on the banner of the remote SMTP server to assess this vulnerability, so this might be a false positive. * References: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0264.html * Platforms Affected: Cambridge University, Exim 3.35 Cambridge University, Exim 4.32 Debian Linux 3.0 Unix Any version Linux Any version Recommendation For Debian GNU/Linux 3.0 (woody): Upgrade to the latest exim package (3.35-1woody3 or later), as listed in Debian Security Advisory DSA-501-1 at http://www.debian.org/security/2004/dsa-501 An untested, third-party patch has been provided at the following location: http://www.guninski.com/exim1.html For other distributions: Contact your vendor for upgrade or patch information. As a workaround, disable the affected configuration directive in the exim.conf file if it has been enabled and it is not explicitly required. This issue exists if header syntax verification has been enabled in exim.conf. In version 3.35 this is enabled with "headers_check_syntax" and in version 4.32 this is enabled with "require verify = header_syntax". Related URL CVE-2004-0399,CVE-2004-0400 (CVE) Related URL 10291 (SecurityFocus) Related URL 16075,16077,16079 (ISS)