Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0743

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0743
Last Modified 10 Sep 2008 03:20:20
Published 20 Oct 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0743

Summary

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

Vulnerable Systems

Application

  • University Of Cambridge Exim 3.0

  • University Of Cambridge Exim 3.11

  • University Of Cambridge Exim 3.12

  • University Of Cambridge Exim 3.13

  • University Of Cambridge Exim 3.14

  • University Of Cambridge Exim 3.15

  • University Of Cambridge Exim 3.16

  • University Of Cambridge Exim 3.17

  • University Of Cambridge Exim 3.18

  • University Of Cambridge Exim 3.19

  • University Of Cambridge Exim 3.20

  • University Of Cambridge Exim 3.21

  • University Of Cambridge Exim 3.22

  • University Of Cambridge Exim 3.3

  • University Of Cambridge Exim 3.3.1

  • University Of Cambridge Exim 3.3.2

  • University Of Cambridge Exim 3.30

  • University Of Cambridge Exim 3.31

  • University Of Cambridge Exim 3.32

  • University Of Cambridge Exim 3.33

  • University Of Cambridge Exim 3.34

  • University Of Cambridge Exim 3.35

  • University Of Cambridge Exim 3.36

  • University Of Cambridge Exim 4.10

  • University Of Cambridge Exim 4.20


References

DEBIAN - DSA-376

BUGTRAQ - 20030901 exim remote heap overflow, probably not exploitable

MLIST - [Exim] 20030815 Minor security bug

MLIST - [Exim] 20030814 Minor security bug

CONFIRM - http://www.exim.org/pipermail/exim-announce/2003q3/000094.html

CONFIRM - http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog

CONFIRM - http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog

VULN-DEV - 20030903 Re: exim remote heap overflow, probably not exploitable

CONECTIVA - CLA-2003:735


Last Updated: 27 May 2016 10:38:02