Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow

Related Vulnerabilities: CVE-2019-16928  
oss-sec mailing list archives
From: Heiko Schlittermann <hs () nodmarc schlittermann de>

Date: Sun, 29 Sep 2019 01:20:24 +0200

** Exim 4.92.3 released (security release) **

CVE ID:     CVE-2019-16928
Date:       2019-09-27 (CVE assigned)
Version(s): from 4.92 up to and including 4.92.2
Reporter:   QAX-A-TEAM <areuu () outlook com>
Reference:  https://bugs.exim.org/show_bug.cgi?id=2449
Issue:      Heap-based buffer overflow in string_vformat,
            remote code execution seems to be possible

Conditions to be vulnerable
===========================

All versions from (and including) 4.92 up to (and including) 4.92.2 are
vulnerable.

Details
=======

There is a heap-based buffer overflow in string_vformat (string.c).
The currently known exploit uses an extraordinarily long EHLO string to
crash the Exim process that is receiving the message. While in this
mode of operation Exim has already dropped its privileges, other paths to
reach the vulnerable code may exist.

Mitigation
==========

There is - besides updating the server - no known mitigation.

Fix
===

Download and build the fixed version 4.92.3

    Tarballs: https://ftp.exim.org/pub/exim/exim4/
    Git:      https://github.com/Exim/exim.git (mirror)
                git://git.exim.org/exim.git
              - tag    exim-4.92.3
              - branch exim-4.92.3+fixes

The tagged commit is the officially released version. The +fixes branch
isn't officially maintained, but contains the security fix *and* useful
fixes.

The tarballs, the Git tag, and the Git commits are signed with my GPG
key (same as I used to sign this mail.)

If you can't install the above versions, ask your package maintainer for
a version containing the backported fix. On request and depending on our
resources we will support you in backporting the fix.  (Please note,
the Exim project officially doesn't support versions prior to the current
stable version.)

Timeline
=========

- 2019-09-27    Report as Bug 2499
- 2019-09-28    Announcement to exim-maintainers, oss-security
- 2019-09-28    Release 4.92.3, Release-Announcements to
                exim-{announce,users,maintainers}, oss-security
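
As an added example (not part of the advisory above and not Exim project code), a small check that reads the version line of `exim -bV` output and flags whether the installed Exim falls into the affected range the advisory states (4.92 up to and including 4.92.2, fixed in 4.92.3). The sample output line is constructed for this example; the real `exim -bV` first line also carries a build number and date but starts with "Exim version X.Y[.Z]".

```python
import re

# Affected range and fixed release exactly as stated in the advisory.
VULN_FIRST = (4, 92, 0)   # "4.92" has no patch component; treated as .0
VULN_LAST = (4, 92, 2)
FIXED = (4, 92, 3)

# Constructed sample of the first line printed by `exim -bV`.
SAMPLE_BV = "Exim version 4.92.2 #3 built 01-Sep-2019 10:00:00"


def parse_exim_version(text):
    """Return (major, minor, patch) from `exim -bV` output, or None if absent.

    A two-component version such as "4.92" is normalised to (4, 92, 0) so it
    compares correctly against the three-component advisory bounds.
    """
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True when the parsed version lies inside the advisory's affected range."""
    return VULN_FIRST <= version <= VULN_LAST


def assess(text):
    """Human-readable verdict for one `exim -bV` output blob."""
    version = parse_exim_version(text)
    if version is None:
        return "unknown: could not parse an Exim version line"
    label = ".".join(str(part) for part in version)
    if is_affected(version):
        fixed = ".".join(str(part) for part in FIXED)
        return f"{label}: affected by CVE-2019-16928, upgrade to {fixed}"
    return f"{label}: not in the affected range"


if __name__ == "__main__":
    print(assess(SAMPLE_BV))
```

Run it against the real output with `exim -bV | python3 check.py` after replacing SAMPLE_BV with `sys.stdin.read()`; a distribution package may carry a backported fix under an affected-looking version number, so treat a hit as a prompt to check the package changelog rather than as proof of exposure.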