Exim发送者验证远程整数缓冲区溢出漏洞

漏洞信息详情

Exim发送者验证远程整数缓冲区溢出漏洞

• CNNVD编号：CNNVD-200407-021
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0399
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-07-07
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  university_of_cambridge
• 漏洞来源：
  Discovery is credi…

当sender_verify选项正确时，Exim 3.35和4之前的其他版本存在基于栈的缓冲区溢出漏洞。远程攻击者导致服务拒绝和可能在验证发送者时执行任意代码。

Debian has released advisory DSA-501-1 dealing with this and other issues. Please see the referenced web advisory for more information and details on obtaining fixes.
Debian has released advisory DSA 502-1 dealing with this issue for their Exim-tls packages. Please see the referenced web advisory for more information and details on obtaining fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
University of Cambridge Exim-tls 3.35
@securityfocus.com>

• Debian exim-tls_3.35-3woody2_alpha.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_alpha.deb
• Debian exim-tls_3.35-3woody2_arm.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_arm.deb
• Debian exim-tls_3.35-3woody2_hppa.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_hppa.deb
• Debian exim-tls_3.35-3woody2_i386.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_i386.deb
• Debian exim-tls_3.35-3woody2_ia64.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_ia64.deb
• Debian exim-tls_3.35-3woody2_m68k.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_m68k.deb
• Debian exim-tls_3.35-3woody2_mips.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_mips.deb
• Debian exim-tls_3.35-3woody2_mipsel.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_mipsel.deb
• Debian exim-tls_3.35-3woody2_powerpc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_powerpc.deb
• Debian exim-tls_3.35-3woody2_s390.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_s390.deb
• Debian exim-tls_3.35-3woody2_sparc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_sparc.deb

University of Cambridge Exim 3.35

• Debian exim-tls_3.35-3woody2_alpha.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_alpha.deb
• Debian exim-tls_3.35-3woody2_arm.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_arm.deb
• Debian exim-tls_3.35-3woody2_hppa.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_hppa.deb
• Debian exim-tls_3.35-3woody2_i386.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_i386.deb
• Debian exim-tls_3.35-3woody2_ia64.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_ia64.deb
• Debian exim-tls_3.35-3woody2_m68k.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_m68k.deb
• Debian exim-tls_3.35-3woody2_mips.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_mips.deb
• Debian exim-tls_3.35-3woody2_mipsel.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_mipsel.deb
• Debian exim-tls_3.35-3woody2_powerpc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_powerpc.deb
• Debian exim-tls_3.35-3woody2_s390.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_s390.deb
• Debian exim-tls_3.35-3woody2_sparc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-
  3woody2_sparc.deb

来源: XF
名称: exim-requireverify-bo(16079)
链接:http://xforce.iss.net/xforce/xfdb/16079

来源: www.guninski.com
链接:http://www.guninski.com/exim1.html

来源: DEBIAN
名称: DSA-502
链接:http://www.debian.org/security/2004/dsa-502

来源: DEBIAN
名称: DSA-501
链接:http://www.debian.org/security/2004/dsa-501

来源: FULLDISC
名称: 20040506 Buffer overflows in exim, yet still exim much better than windows
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html

来源: SECUNIA
名称: 11558
链接:http://secunia.com/advisories/11558