An issue exists in the base64d function in the SMTP listener in Exim prior to 4.90.1. Sending a handcrafted message may trigger a buffer overflow, which can be used to execute code remotely.
Vulnerable Product |
---|
exim exim |
debian debian linux 7.0 |
debian debian linux 8.0 |
debian debian linux 9.0 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 17.10 |
canonical ubuntu linux 16.04 |

Bug already plugged, get updating
Researchers have uncovered a critical buffer overflow vulnerability in all versions of the Exim mail transfer agent. The flaw (CVE-2018-6789) leaves an estimated 400,000 email servers at potential risk to remote code execution-style attacks. Fortunately a patched version (Exim version 4.90.1) is already available. The bug might be exploited by unauthenticated users rather than hackers who have already broken into targeted systems or scored login credentials through some other (doubtless nefariou...