CVE-2017-16943
https://notcve.org/view.php?id=CVE-2017-16943
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante vectores relacionados con comandos BDAT. • https://github.com/beraphin/CVE-2017-16943 http://openwall.com/lists/oss-security/2017/11/25/1 http://openwall.com/lists/oss-security/2017/11/25/2 http://openwall.com/lists/oss-security/2017/11/25/3 http://www.openwall.com/lists/oss-security/2021/05/04/7 http://www.securitytracker.com/id/1039872 https://bugs.exim.org/show_bug.cgi?id=2199 https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde https://git.exim.org/exim.git/commitdiff/4e6a • CWE-416: Use After Free •
CVE-2017-16944 – Exim 4.89 - 'BDAT' Denial of Service
https://notcve.org/view.php?id=CVE-2017-16944
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos provoquen una denegación de servicio (bucle infinito y agotamiento de pila) mediante vectores relacionados con comandos BDAT y una comprobación infinita para un carácter "." que implique el fin del contexto. Esto se relaciona con la función bdat_getc. Exim version 4.89 suffers from a denial of service vulnerability while parsing the BDAT data header. • https://www.exploit-db.com/exploits/43184 http://openwall.com/lists/oss-security/2017/11/25/1 http://openwall.com/lists/oss-security/2017/11/25/2 http://openwall.com/lists/oss-security/2017/11/25/3 http://www.openwall.com/lists/oss-security/2021/05/04/7 http://www.securitytracker.com/id/1039873 https://bugs.exim.org/show_bug.cgi?id=2201 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html https://www.debian.org/security/2017/dsa- • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-1000369
https://notcve.org/view.php?id=CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de comandos \"-p\" en los que se emplea la función malloc() y nunca la función free(). Estos argumentos, junto con otros problemas permite que los atacantes provoquen la ejecución de código arbitrario. • http://www.debian.org/security/2017/dsa-3888 http://www.securityfocus.com/bid/99252 http://www.securitytracker.com/id/1038779 https://access.redhat.com/security/cve/CVE-2017-1000369 https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 https://security.gentoo.org/glsa/201709-19 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-404: Improper Resource Shutdown or Release •