| VID |
18127 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
According to its banner, the version of Exim running on the remote host is prior to 4.96. It is, therefore, potentially affected by an invalid free error which can be exploited by a remote, unauthenticated attacker.
Successful exploitation may result in a denial of service. This vulnerability requires PAM support and plaintext authentication to be enabled.
* References:
https://github.com/ivd38/exim_invalid_free
https://bugs.exim.org/show_bug.cgi?id=2813
* Platforms Affected:
Cambridge University, Exim versions prior to 4.96
Unix Any version
Linux Any version |
| Recommendation |
Upgrade to the latest exim package (4.96 later), available from the Exim Internet Mailer Web site at http://www.exim.org/ |
| Related URL |
CVE-2022-37451 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
