Fedora Core 2 : exim-4.43-1.FC2.1 (2005-001)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

This erratum fixes two relatively minor security issues which were
discovered in Exim in the last few weeks. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CVE-2005-0021 and CVE-2005-0022 to these, respectively.

1. The function host_aton() can overflow a buffer if it is presented
with an illegal IPv6 address that has more than 8 components.

2. The second report described a buffer overflow in the function
spa_base64_to_bits(), which is part of the code for SPA
authentication. This code originated in the Samba project. The
overflow can be exploited only if you are using SPA authentication.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?080b4ac1

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 16113 (fedora_2005-001.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0021
CVE-2005-0022

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now