CVE-2005-0021

Published: 02/05/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in Exim prior to 4.43 may allow malicious users to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

Vulnerable Product

university of cambridge exim

university of cambridge exim 4.41

university of cambridge exim 4.42

Vendor Advisories

Synopsis: exim security update. Type/Severity: Security Advisory: Moderate. Topic: Updated exim packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: Ex ...
A flaw has been found in the host_aton() function, which can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components. When supplying certain command line parameters, the input was not checked, so that a local attacker could possibly exploit the buffer overflow to run arbitrary code with the privileges of th ...
Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-transport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. For the stable distribution (woody) this problem has been fixed in version 335-3woody3. In the unstable distribution (s ...
Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-transport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. For the stable distribution (woody) this problem has been fixed in version 335-1woody4. For the unstable distribution (sid) this problem has been fixe ...

Exploits

/* This proof-of-concept demonstrates the existence of the vulnerability reported by iDEFENSE (iDEFENSE Security Advisory 011405). It has been tested against exim-441 under Debian GNU/Linux. Note that setuid () is not included in the shellcode to avoid script-kidding. My RET is 0xbffffae4, but fbpl can brute-force it for you ----------- Brute ...
/* * ripped straight off iDEFENSE advisory - so lazy I just picked * up GDB bored on a weeknight :( * * nothing to write home to mother about due to the fact that * you need a local user account on a server and all you * get is to read other people's emails * * not even my own shellcode aleph1 shellcode - cut and paste job * w ...