9.8
CVE-2018-6789
- EPSS 82.24%
- Veröffentlicht 08.02.2018 23:29:01
- Zuletzt bearbeitet 07.11.2025 19:04:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version17.10
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Exim Buffer Overflow Vulnerability
SchwachstelleExim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 82.24% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://openwall.com/lists/oss-security/2018/02/10/2
http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
http://www.openwall.com/lists/oss-security/2018/02/07/2
http://www.securityfocus.com/bid/103049
http://www.securitytracker.com/id/1040461
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
https://exim.org/static/doc/security/CVE-2018-6789.txt
https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
https://usn.ubuntu.com/3565-1/
https://www.debian.org/security/2018/dsa-4110
https://www.exploit-db.com/exploits/44571/
https://www.exploit-db.com/exploits/45671/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6789