60 results (0.011 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2023/12/29/2 http://www.openwall.com/lists/oss-security/2024/01/01/1 http://www.openwall.com/lists/oss-security/2024/01/01/2 http://www.openwall.com/lists/oss-security/2024/01/01/3 https://bugs.exim.org/show_bug.cgi?id=3063 https://bugzilla.redhat.com/show_bug.cgi?id=2255852 https:/ • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1468 • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1470 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1469 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 https://github.com/Exim/exim/compare/exim-4.94...exim-4.95 https://github.com/Exim/exim/wiki/EximSecurity https://github.com/ivd38/exim_overflow https://lists.debian.org/debian-lts-announce/2022/08/msg00014.html https://www.exim.org/static/doc/security https://www.openwall.com/lists/oss-security/2022/08/06/8 • CWE-787: Out-of-bounds Write •