CVE-2017-16944

Published: 25/11/2017 Updated: 04/05/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote malicious users to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

Vulnerable Product

exim exim 4.88

exim exim 4.89

debian debian linux 9.0

Vendor Advisories

Exim could be made to crash if it received specially crafted network traffic ...
Debian Bug report logs - #882671 exim4: CVE-2017-16944: handles BDAT data incorrectly and leads to crash. Package: src:exim4; Maintainer for src:exim4 is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Nov 2017 14:15:02 UTC; Severity ...
Debian Bug report logs - #882648 exim4: CVE-2017-16943: use-after-free vulnerability while reading mail header. Package: exim4; Maintainer for exim4 is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Source for exim4 is src:exim4 (PTS, buildd, popcon); Reported by: Dominic Hargreaves <dom@earth.li>; D ...
Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943: A use-after-free vulnerability was discovered in Exim's routines responsible for parsing mail headers. A remote attacker can take advantage of this flaw to cause ...
Use-after-free in receive_msg function via vectors involving BDAT commands: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands (CVE-2017-16943). Infinite loop and stack exhaustion in receive_m ...
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function ...

Exploits

While parsing BDAT data header, exim still scans for '.' and considers it the end of mail: github.com/Exim/exim/blob/master/src/src/receive.c#L1867. Exim goes into an incorrect state after this message is sent because the function pointer receive_getc is not reset. If the following command is also a BDAT, receive_getc and lwr_receive_getc be ...

Github Repositories

exim_check: Tool checks for EXIM mail servers vulnerable to CVE-2017-16943, CVE-2017-16944 by checking the exim version and the returned capabilities. If the mail server does not reply with a vulnerable exim version in the banner or does not return CHUNKING as a capability, the server is assumed to be not vulnerable. Keep this in mind when testing and understanding results. Vulne

Recent Articles

Exim-ergency! Unix mailer has RCE, DoS vulnerabilities
The Register • Richard Chirgwin • 26 Nov 2017

Patch imminent, for now please turn off email attachment chunking

Sysadmins who tend Exim servers have been advised to kick off their working weeks with the joy of patching. The popular (if relatively low-profile) Internet mail message transfer agent (MTA) advised of flaws in a Black Friday post to its public bugtracker, which as contributor Phil Pennock said in this message came without any prior notice. The bug tracker post explained that when parsing the BDAT data header, Exim scans for the '.' character to signify the end of an email. BDAT is a server verb...