
Gentoo 200309-09: exim buffer overflow

by Nikola Strahija on September 15th, 2003

There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-09
- - - ---------------------------------------------------------------------

PACKAGE : exim
SUMMARY : buffer overflow
DATE : 2003-09-15 13:07 UTC
EXPLOIT : remote
VERSIONS AFFECTED :
FIXED VERSION : >=exim-4.21
CVE : CAN-2003-0743

- - - ---------------------------------------------------------------------

quote from advisory:

"There's a heap overflow in all versions of exim3 and exim4 prior
to version 4.21. It can be exercised by anyone who can make an
SMTP connection to the exim daemon."

read the full advisory at:
http://marc.theaimsgroup.com/?l=vuln-dev&m=106264740820334&w=2

Although not thought to be exploitable, users are encouraged to upgrade
exim.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/exim upgrade to exim-4.21 as follows:

emerge sync
emerge exim
emerge clean

- - - ---------------------------------------------------------------------
[email protected] - GnuPG key is available at http://dev.gentoo.org/~aliz
[email protected]
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ZbmwfT7nyhUpoZMRAkuoAJ973hWIgX1pY6LW/fc6eP0pGZO0NQCcCzMh
VKHtQnVqlREiVHksIh6xj/0=
=emxR
-----END PGP SIGNATURE-----
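
A version check to go with the upgrade step, as an added example (not part of the Gentoo advisory or the original post): it parses the "Exim version" line printed by `exim -bV` and compares it with 4.21, the fixed version named above. The function names and the sample banner lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: is this Exim at or above 4.21, the advisory's fixed version?
FIXED_MAJOR=4
FIXED_MINOR=21

# Pull "MAJOR.MINOR" out of `exim -bV` output (first "Exim version" line).
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if version >= 4.21, 1 if older (any 3.x, or 4.x below 4.21),
# 2 if unparsable. Assumes Exim's two-digit minor numbering (4.05, 4.20, ...).
exim_is_fixed() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    # `[` compares as decimal, so a minor such as "08" is not read as octal.
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0
    [ "$major" -lt "$FIXED_MAJOR" ] && return 1
    [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# Print a verdict for one block of `exim -bV` output; status as exim_is_fixed.
report() {
    ver=$(exim_version_from_banner "$1")
    rc=0
    exim_is_fixed "$ver" || rc=$?
    case $rc in
        0) echo "exim $ver: at or above 4.21" ;;
        1) echo "exim $ver: older than 4.21, upgrade" ;;
        *) echo "could not parse an Exim version" ;;
    esac
    return "$rc"
}

# Constructed sample banner lines (not captured from a real host).
for line in 'Exim version 4.20 #1 built 10-Sep-2003 12:00:00' \
            'Exim version 4.21 #1 built 15-Sep-2003 12:00:00'; do
    report "$line" || true
done

# On a host with exim installed, check the real binary as well.
if command -v exim >/dev/null 2>&1; then
    report "$(exim -bV 2>/dev/null)" || true
fi
```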

