Info

Disclosure

Jan 06, 2005

Discovery

Unknown

Dates

Exploit

Feb 12, 2005

Solution

Unknown

Description

A remote overflow exists in Exim. Exim fails to have sufficient boundary checks in the 'spa_base64_to_bits()' function resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code in the context of the affected application resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, University of Cambridge and RedHat have released a patch to address this vulnerability.

Products

University of Cambridge	Exim	4.43
		4.42
		4.41
		4.40
		4.34
		4.33
		4.32
		4.21
		4.20
		4.10

Red Hat, Inc.	Fedora	Core2
		Core3

References

Security Tracker: 1012771
Bugtraq ID: 12188
Related OSVDB ID: 12726
Secunia Advisory ID: 13713 13823
CVE ID: 2005-0022 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0214.html
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200501-23.xml
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities&flash ......

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

University of Cambridge

Exim

Red Hat, Inc.

Fedora

References

Credit