Exim < 4.22 smtp_in.c HELO/EHLO Remote Overflow

high Nessus Plugin ID 11828

Language:

Synopsis

The remote SMTP server has a heap-based buffer overflow vulnerability.

Description

According to its banner, the version of Exim running on the remote host has a remote heap-based buffer overflow vulnerability. A remote, unauthenticated attacker could potentially exploit this to execute arbitrary code.

Solution

Upgrade to Exim 4.21 or later, or apply the appropriate patches.

See Also

https://lists.exim.org/lurker/message/20030814.083154.40b19dfb.html

https://lists.exim.org/lurker/message/20030815.092719.8a26db10.html

Plugin Details

Severity: High

ID: 11828

File Name: exim_heap_overflow.nasl

Version: 1.20

Type: remote

Published: 9/2/2003

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:exim:exim

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/14/2003

Reference Information

CVE: CVE-2003-0743

BID: 8518