CERT/CC Vulnerability Note VU#132992

Overview

The Exim Mail Transfer Agent (MTA) contains a buffer overflow that allows a local attacker to execute arbitrary code.

Description

Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer overflow to occur in Exim. If a local attacker supplies the Exim with a specially crafted command line options, that attacker may be able to cause a buffer overflow in the dns_build_reverse()routine.

According to public reports, this vulnerability exists in Exim versions prior to 4.44.

Impact

A local attacker may be able to execute arbitrary code with elevated (root) privileges.

Solution

Upgrade

This issue has been addressed in Exim version 4.4.

Vendor Information

132992

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Conectiva Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Debian advisories for this vulnerability can be found at:

http://www.nl.debian.org/security/2005/dsa-635

http://www.debian.org/security/2005/dsa-637

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Gentoo advisory for this vulnerability can be found at:

http://www.gentoo.org/security/en/glsa/glsa-200501-23.xml

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Unknown

Updated: January 28, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

University of Cambridge Unknown

Updated: January 27, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 13 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by iDEFENSE Inc.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	CVE-2005-0021
Severity Metric:	2.76
Date Public:	2005-01-14
Date First Published:	2005-01-27
Date Last Updated:	2005-01-28 20:18 UTC
Document Revision:	69

Software Engineering Institute

CERT Coordination Center

Exim vulnerable to buffer overflow via the dns_build_reverse() routine

Vulnerability Note VU#132992

Overview

Description

Impact

Solution

Vendor Information

Conectiva Unknown

Status

Vendor Statement

Vendor Information

Addendum

Debian Unknown

Status

Vendor Statement

Vendor Information

Addendum

Engarde Unknown

Status

Vendor Statement

Vendor Information

Addendum

Gentoo Unknown

Status

Vendor Statement

Vendor Information

Addendum

Hewlett-Packard Company Unknown

Status

Vendor Statement

Vendor Information

Addendum

IBM Unknown

Status

Vendor Statement

Vendor Information

Addendum

Immunix Unknown

Status

Vendor Statement

Vendor Information

Addendum

Ingrian Networks Unknown

Status

Vendor Statement

Vendor Information

Addendum

MandrakeSoft Unknown

Status

Vendor Statement

Vendor Information

Addendum

MontaVista Software Unknown

Status

Vendor Statement

Vendor Information

Addendum

OpenBSD Unknown

Status

Vendor Statement

Vendor Information

Addendum

Red Hat Inc. Unknown

Status

Vendor Statement

Vendor Information

Addendum

University of Cambridge Unknown

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC