CVE-2023-51766
https://notcve.org/view.php?id=CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2023/12/29/2 http://www.openwall.com/lists/oss-security/2024/01/01/1 http://www.openwall.com/lists/oss-security/2024/01/01/2 http://www.openwall.com/lists/oss-security/2024/01/01/3 https://bugs.exim.org/show_bug.cgi?id=3063 https://bugzilla.redhat.com/show_bug.cgi?id=2255852 https:/ • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2023-42114 – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42114
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1468 • CWE-125: Out-of-bounds Read •
CVE-2023-42116 – Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42116
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1470 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-42115 – Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42115
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-23-1469 • CWE-787: Out-of-bounds Write •
CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42 https://github.com/Exim/exim/compare/exim-4.95...exim-4.96 https://github.com/Exim/exim/wiki/EximSecurity https://github.com/ivd38/exim_invalid_free https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY https://lists.fedoraproject.org/arc • CWE-763: Release of Invalid Pointer or Reference •