Download
| Alert*
oval:org.secpod.oval:def:1600873
This is an update fixeing dec64table OOB read in b64decode. oval:org.secpod.oval:def:1800053 exim is installed oval:org.secpod.oval:def:1601026 Exim allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker oval:org.secpod.oval:def:1600848 Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely oval:org.secpod.oval:def:1800052 Exim supports the use of multiple "-p" command line arguments which are malloc"ed and never free"ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch , but ... oval:org.secpod.oval:def:1800278 Exim supports the use of multiple "-p" command line arguments which are malloc"ed and never free"ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch , but ... oval:org.secpod.oval:def:1800774 The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service via vectors involving BDAT commands and an improper check for a "." character signifying the end of the content, related to the bdat_getc function. oval:org.secpod.oval:def:1600818 Use-after-free in receive_msg function via vectors involving BDAT commandsThe receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving BDAT commands. Infinite loop and stack exhaus ... oval:org.secpod.oval:def:107304 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flex ... oval:org.secpod.oval:def:107305 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flex ... oval:org.secpod.oval:def:21802 The host is installed with Exim before 4.83 and is prone to an elevation vulnerability. A flaw is present in the application, which expands mathematical comparisons twice. Successful exploitation allows local users to gain privileges and execute arbitrary commands. oval:org.secpod.oval:def:602417 A local root privilege escalation vulnerability was found in Exim, Debian"s default mail transfer agent, in configurations using the "perl_startup" option . To address the vulnerability, updated Exim versions clean the complete execution environment by default, affecting Exim and subprocesses such a ... oval:org.secpod.oval:def:110281 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:601410 exim4 is installed oval:org.secpod.oval:def:110295 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:203055 exim is installed oval:org.secpod.oval:def:600909 It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code. oval:org.secpod.oval:def:1600024 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. oval:org.secpod.oval:def:600522 It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtain from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. The oldstable distribution is not affected by this problem because it does not contain DKIM su ... oval:org.secpod.oval:def:600526 It was discovered that Exim, Debian"s default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution is not affecte ... oval:org.secpod.oval:def:71649 The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt oval:org.secpod.oval:def:71636 exim4: Exim is a mail transport agent Several security issues were fixed in Exim. oval:org.secpod.oval:def:705987 exim4: Exim is a mail transport agent Several security issues were fixed in Exim. oval:org.secpod.oval:def:1601011 A flaw was found in Exim versions 4.87 to 4.91 before release 1.20 . Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution oval:org.secpod.oval:def:603935 The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message function may result in the execution of arbitrary commands. oval:org.secpod.oval:def:55505 The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message function may result in the execution of arbitrary commands. oval:org.secpod.oval:def:1801446 A flaw was found in Exim versions 4.87 to 4.91 . Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution. Fixed In Version:¶ exim 4.92 oval:org.secpod.oval:def:64143 It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. oval:org.secpod.oval:def:500216 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:201653 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:500373 Exim is a mail transport agent developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim"s internal string_vformat function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exi ... oval:org.secpod.oval:def:200024 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:707681 exim4: Exim is a mail transport agent Exim could be made to crash of execute arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:88580 exim4: Exim is a mail transport agent Exim could be made to crash of execute arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:53200 Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943 A use-after-free vulnerability was discovered in Exim"s routines responsible for parsing mail headers. A remote attacker can ... oval:org.secpod.oval:def:113783 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:113774 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:603191 Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943 A use-after-free vulnerability was discovered in Exim"s routines responsible for parsing mail headers. A remote attacker can ... oval:org.secpod.oval:def:114171 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:114172 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:1801795 Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.marked the task master as completedmarked the task 3.11-stable as completed oval:org.secpod.oval:def:1801622 There is a heap-based buffer overflow in string_vformat . The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist ... oval:org.secpod.oval:def:1601051 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. oval:org.secpod.oval:def:707823 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it processed specially crafted regular expressions. oval:org.secpod.oval:def:3300744 SUSE Security Update: Security update for exim oval:org.secpod.oval:def:124171 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flex ... oval:org.secpod.oval:def:124169 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:69763 A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code. oval:org.secpod.oval:def:604547 A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code. oval:org.secpod.oval:def:95219 Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used. oval:org.secpod.oval:def:1600510 It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys. oval:org.secpod.oval:def:602714 Bjoern Jacke discovered that Exim, Debian"s default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met. oval:org.secpod.oval:def:603267 Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message. oval:org.secpod.oval:def:1800474 In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. oval:org.secpod.oval:def:53083 The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/ ... oval:org.secpod.oval:def:114047 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:114046 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:53249 Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message. oval:org.secpod.oval:def:602954 The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/ ... oval:org.secpod.oval:def:69905 Zerons and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges. oval:org.secpod.oval:def:58845 "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges. oval:org.secpod.oval:def:604463 Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default configurations where ${sort } expansion is used for items that can be controlled by an ... oval:org.secpod.oval:def:69894 Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default configurations where ${sort } expansion is used for items that can be controlled by an ... oval:org.secpod.oval:def:604852 It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. oval:org.secpod.oval:def:612687 Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used. oval:org.secpod.oval:def:126275 Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ... oval:org.secpod.oval:def:3302092 Security update for exim oval:org.secpod.oval:def:96405 exim4: Exim is a mail transport agent Several security issues were fixed in Exim. oval:org.secpod.oval:def:96423 exim4: Exim is a mail transport agent Several security issues were fixed in Exim. oval:org.secpod.oval:def:97668 [CLSA-2022:1660761670] Fixed CVEs in exim: CVE-2022-37451, CVE-2022-37452 oval:org.secpod.oval:def:97733 [CLSA-2023:1687794906] exim: Fix of CVE-2021-38371 oval:org.secpod.oval:def:97758 [CLSA-2023:1697482739] exim: Fix of 2 CVEs oval:org.secpod.oval:def:97765 [CLSA-2023:1699908139] exim: Fix of CVE-2022-3559 oval:org.secpod.oval:def:97771 [CLSA-2023:1701285908] exim: Fix of CVE-2023-42117 oval:org.secpod.oval:def:3301783 Security update for exim oval:org.secpod.oval:def:708727 exim4: Exim is a mail transport agent Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request. oval:org.secpod.oval:def:96946 It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. oval:org.secpod.oval:def:612889 It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. oval:org.secpod.oval:def:3302202 Security update for exim oval:org.secpod.oval:def:98683 exim4: Exim is a mail transport agent Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request. |