| VID |
18077 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Exim SMTP server, according to its banner, has multiple buffer overflow vulnerabilities(2). Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim versions 4.43 and earlier are vulnerable to multiple buffer overflow vulnerabilities, which can allow a local attacker to overflow a buffer and possibly gain elevated privileges:
1) A boundary error in the function "host_aton()" when handling IPv6 addresses may be exploited to cause a buffer overflow by supplying a specially crafted IPv6 address with more than 8 components to an unspecified command line option.
2) A boundary error in the function "spa_base64_to_bits()" when handling SPA authentication can be exploited to cause a buffer overflow. Successful exploitation requires that SPA authentication is enabled.
3) A boundary error in the "dns_build_reverse()" function can be exploited to cause a buffer overflow by passing an overly long string via a command line option.
* Note: This check relies solely on the banner of the remote Exim SMTP server to assess this vulnerability, so the result may be a false positive.
* References:
  http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
  http://www.kb.cert.org/vuls/id/132992
  http://www.ciac.org/ciac/bulletins/p-097.shtml
  http://secunia.com/advisories/13713/
  http://www.securitytracker.com/alerts/2005/Jan/1012771.html
* Platforms Affected: Cambridge University, Exim versions 4.43 and earlier; Linux, any version; Unix, any version |
| Recommendation |
Apply the appropriate patch for this vulnerability, as listed on the SecurityFocus Web site at http://securityfocus.com/bid/12185/solution/
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of exim (3.35-1woody4 or later), as listed in Debian Security Advisory DSA-635-1 at http://www.debian.org/security/2005/dsa-635
For Gentoo Linux: Upgrade to the latest version of exim (4.43-r2 or later), as listed in Gentoo Linux Security Advisory GLSA 200501-23 at http://www.gentoo.org/security/en/glsa/glsa-200501-23.xml
For Ubuntu Linux: Upgrade to the latest exim4 package (4.34-5ubuntu1.1 or later), as listed in Ubuntu Security Notice USN-56-1 (January 07, 2005) at http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-January/000058.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2005-0021,CVE-2005-0022 (CVE) |
| Related URL |
12185,12188 (SecurityFocus) |
| Related URL |
18763,18764 (ISS) |
|
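The note in the description says the finding rests on the SMTP banner alone. The following added example (not part of the original check, and not the scanner's own code) shows how such a finding can be triaged: it parses the greeting, applies the "4.43 and earlier" bound, and then compares the installed package against the vendor-fixed versions listed in the recommendation. The banners, host names, distro keys and the digits-only version comparison are assumptions made for illustration.

```python
import re

# Upper bound from the description: "Exim versions 4.43 and earlier".
LAST_AFFECTED = (4, 43)

# Fixed package versions quoted in the Recommendation section.
# The dictionary keys are hypothetical labels chosen for this example.
FIXED_PACKAGES = {
    "debian-woody": "3.35-1woody4",
    "gentoo": "4.43-r2",
    "ubuntu": "4.34-5ubuntu1.1",
}

BANNER_RE = re.compile(r"\bExim (\d+)\.(\d+)\b")


def banner_version(greeting):
    """Return (major, minor) from an SMTP 220 greeting, or None if not Exim."""
    if not greeting.startswith("220"):
        return None
    m = BANNER_RE.search(greeting)
    return (int(m.group(1)), int(m.group(2))) if m else None


def numeric_key(version):
    """Simplified ordering: compare only the digit runs of a package version.
    Assumption: adequate within one distro's naming scheme; this is not the
    package manager's real comparison algorithm."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def assess(greeting, distro=None, installed=None):
    """Classify a banner finding, optionally refined with package evidence."""
    version = banner_version(greeting)
    if version is None:
        return "not-exim"
    if version > LAST_AFFECTED:
        return "not-affected"
    fixed = FIXED_PACKAGES.get(distro)
    if fixed is None or installed is None:
        return "potential"          # banner evidence only, as the scanner reports
    if numeric_key(installed) >= numeric_key(fixed):
        return "patched-backport"   # banner still shows the old upstream version
    return "confirmed"


# Constructed sample greeting in Exim's default banner layout.
SAMPLE = "220 mail.example.test ESMTP Exim 4.34 Fri, 07 Jan 2005 10:00:00 +0000"
```

A backported distribution fix leaves the upstream version in the banner unchanged, which is why `assess(SAMPLE)` alone can only return `potential`.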