Exim 4.92 up to and including 4.92.2 allows remote code execution; this is a different vulnerability from CVE-2019-15846. The cause is a heap-based buffer overflow in string_vformat in string.c, triggered by a long EHLO command.
Vulnerable products:

- exim exim
- canonical ubuntu linux 19.04
- debian debian linux 10.0
- fedoraproject fedora 29
- fedoraproject fedora 30
- fedoraproject fedora 31
Remote code flaw sparks calls for major updates

Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

Admins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw. The Exim 4.92.3 patch, released on September 28th, includes a fix for CVE-2019-16928. Discovered by bug-hunters with the QAX A-Team, the vulnerability is caused by a buffer overflow that occurs when Exim processes an extremely long string in an Extended HELO (EHLO) command of the Extended Simple Mail Transfer Protocol (ESMTP)...
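Two defender-side checks for what the record above describes, as an added example that is not part of the Vulmon record or of Exim's own code: a version test against the affected range (4.92 through 4.92.2, fixed in 4.92.3) and a scan of an SMTP client transcript for EHLO/HELO arguments longer than the 255-octet domain limit of RFC 5321, which is the kind of oversized input the advisory ties to the overflow. The transcript below is constructed sample input, not captured traffic.

```python
import re

# Versions named in the advisory: 4.92 .. 4.92.2 affected, 4.92.3 carries the fix.
FIRST_AFFECTED = (4, 92, 0)
FIXED_VERSION = (4, 92, 3)

# RFC 5321 caps a domain name at 255 octets; an EHLO argument far beyond that
# is worth alerting on regardless of which Exim build is behind it.
MAX_EHLO_ARG = 255

_EHLO_RE = re.compile(r"^(EHLO|HELO)\s+(\S+)\s*$", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Turn '4.92' or '4.92.2' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:          # '4.92' means 4.92.0 for comparison purposes
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the given Exim version falls inside the advisory's range."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_VERSION


def oversized_ehlo_lines(session: str, limit: int = MAX_EHLO_ARG) -> list:
    """Return (line_number, argument_length) for each EHLO/HELO whose
    argument exceeds `limit` in a newline-separated client transcript."""
    hits = []
    for number, line in enumerate(session.splitlines(), start=1):
        match = _EHLO_RE.match(line)
        if match and len(match.group(2)) > limit:
            hits.append((number, len(match.group(2))))
    return hits


# Constructed sample transcript: one normal greeting, then an EHLO whose
# argument is far past the 255-octet limit.
SAMPLE_SESSION = "\n".join([
    "EHLO mail.example.net",
    "MAIL FROM:<sender@example.net>",
    "EHLO " + "A" * 4000,
    "QUIT",
])

if __name__ == "__main__":
    print("4.92.2 affected:", is_affected("4.92.2"), "| 4.92.3 affected:", is_affected("4.92.3"))
    print("oversized EHLO lines:", oversized_ehlo_lines(SAMPLE_SESSION))
```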