| Field | Value |
| --- | --- |
| VID | 18118 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | According to its banner and supported extensions, the remote installation of Exim is affected by a code execution flaw. The implementation of the BDAT SMTP verb for sending large binary messages, introduced in Exim 4.88, can incorrectly free an in-use region of memory, leading to memory corruption and potentially allowing an attacker to execute code. References: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html. Platforms Affected: Cambridge University, Exim versions prior to 4.89.1; Unix, any version; Linux, any version. |
| Recommendation | Upgrade to the latest exim package (4.89.1 or later), available from the Exim Internet Mailer Web site at http://www.exim.org/ |
| Related URL | CVE-2017-16943 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |