Published: 03/05/2024 Updated: 03/05/2024

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability NOTE: wwwzerodayinitiativecom/advisories/ZDI-23-1470/ (CVE-2023-42116) Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability NOTE: wwwzerodayinitiativecom/advisories/ZDI-23-1471/ (CVE-2023-42117) ...

DescriptionThe vulnerability was found in Exim within the smtp service, which listens on TCP port 25 by default The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition An attacker can leverage this vulnerability to execute code in the context of the current process Auth ...

https://www.zerodayinitiative.com/advisories/ZDI-23-1471/https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2023-1860.html https://access.redhat.com/security/cve/cve-2023-42117 https://www.zerodayinitiative.com/advisories/ZDI-23-1471/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-42117

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect