Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-28015 CVE-2020-28017 CVE-2020-28018 CVE-2020-28021

Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28015">CVE-2020-28015</a>) Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28017">CVE-2020-28017</a>) Prior versions of Exim 4 allowed Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28018">CVE-2020-28018</a>) Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28021">CVE-2020-28021</a>)

Source

ALAS-2021-1497

Amazon Linux AMI Security Advisory: ALAS-2021-1497
Advisory Release Date: 2021-05-06 19:11 Pacific
Advisory Updated Date: 2021-05-07 20:34 Pacific

Severity: Important

References: CVE-2020-28015 CVE-2020-28017 CVE-2020-28018 CVE-2020-28021

Issue Overview:

Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28015">CVE-2020-28015</a>)

Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28017">CVE-2020-28017</a>)

Prior versions of Exim 4 allowed Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28018">CVE-2020-28018</a>)

Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020-28021">CVE-2020-28021</a>)

Affected Packages:

exim

Issue Correction:
Run yum update exim to update your system.

New Packages:

i686:
    exim-mysql-4.92-1.27.amzn1.i686
    exim-mon-4.92-1.27.amzn1.i686
    exim-debuginfo-4.92-1.27.amzn1.i686
    exim-4.92-1.27.amzn1.i686
    exim-greylist-4.92-1.27.amzn1.i686
    exim-pgsql-4.92-1.27.amzn1.i686

src:
    exim-4.92-1.27.amzn1.src

x86_64:
    exim-4.92-1.27.amzn1.x86_64
    exim-mon-4.92-1.27.amzn1.x86_64
    exim-greylist-4.92-1.27.amzn1.x86_64
    exim-pgsql-4.92-1.27.amzn1.x86_64
    exim-mysql-4.92-1.27.amzn1.x86_64
    exim-debuginfo-4.92-1.27.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2021-1497

ALAS-2021-1497

Vulmon Search

About

Products

Connect