Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0021

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0021
Last Modified 21 Aug 2010 12:25:22
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0021

Summary

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

Vulnerable Systems

Application

  • University Of Cambridge Exim 4.40

  • University Of Cambridge Exim 4.41

  • University Of Cambridge Exim 4.42


References

CERT-VN - VU#132992

REDHAT - RHSA-2005:025

IDEFENSE - 20050114 Exim dns_buld_reverse() Buffer Overflow Vulnerability

IDEFENSE - 20050107 Exim host_aton() Buffer Overflow Vulnerability

MLIST - [exim] 20050104 2 smallish security issues

DEBIAN - DSA-637

DEBIAN - DSA-635

GENTOO - GLSA-200501-23

CONFIRM - http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44


Last Updated: 27 May 2016 10:39:38