9.8

CVE-2018-6789

Warnung
Exploit
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EximExim Version < 4.90.1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version17.10

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Exim Buffer Overflow Vulnerability

Schwachstelle

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 86.44% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://openwall.com/lists/oss-security/2018/02/10/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/103049
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1040461
Third Party Advisory
Broken Link
VDB Entry
https://usn.ubuntu.com/3565-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4110
Third Party Advisory
Mailing List
https://www.exploit-db.com/exploits/44571/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/45671/
Third Party Advisory
Exploit
VDB Entry