Secunia Security Advisory - Two vulnerabilities have been reported in Exim, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.
TITLE:
Exim IPv6 Handling and SPA Authentication Vulnerabilities
SECUNIA ADVISORY ID:
SA13713
VERIFY ADVISORY:
http://secunia.com/advisories/13713/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
Exim 4.x
http://secunia.com/product/841/
DESCRIPTION:
Two vulnerabilities have been reported in Exim, which potentially can
be exploited by malicious, local users to gain escalated privileges
and by malicious people to compromise a vulnerable system.
1) A boundary error in the function "host_aton()" when handling IPv6
addresses may be exploited to cause a buffer overflow by supplying a
specially crafted IPv6 address with more than 8 components to an
unspecified command line option.
2) A boundary error in the function "spa_base64_to_bits()" when
handling SPA authentication can be exploited to cause a buffer
overflow.
Successful exploitation requires that SPA authentication is enabled.
The vulnerabilities have been reported in version 4.43 and prior.
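The check that issue 1 describes as missing, shown as an added example rather than Exim's own host_aton() code: a bounds-checked IPv6 text parser that rejects an address carrying more than 8 colon-separated components before a ninth word could be written. The function names and the IPV6_WORDS constant are this example's own.

```c
/* Bounds-checked IPv6 text parser (added example, not Exim's host_aton()). It
 * performs the check whose absence the advisory describes: an address with more
 * than 8 colon-separated components is rejected before a 9th word is written. */
#include <ctype.h>
#include <string.h>
#define IPV6_WORDS 8

/* One hex group of 1-4 digits: its value, or -1 if malformed. */
static int parse_group(const char *s, size_t len) {
    int v = 0;
    if (len == 0 || len > 4) return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isxdigit(c)) return -1;
        v = v * 16 + (isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
    }
    return v;
}

/* Fills out[8]; 0 on success, -1 on malformed input ("::" supported, embedded IPv4 not). */
int ipv6_aton_checked(const char *text, unsigned short out[IPV6_WORDS]) {
    int n = 0, gappos = -1, v;
    const char *p = text, *q;
    if (*p == ':' && p[1] == ':') { gappos = 0; p += 2; }   /* address opens with "::" */
    else if (*p == ':') return -1;                          /* lone leading ':' */
    while (*p) {
        for (q = p; *q && *q != ':'; q++) {}
        if ((v = parse_group(p, (size_t)(q - p))) < 0) return -1;
        if (n >= IPV6_WORDS) return -1;       /* the bound: never write a 9th word */
        out[n++] = (unsigned short)v;
        if (*q == '\0') break;
        p = q + 1;
        if (*p == ':') {                      /* "::" after a group */
            if (gappos >= 0) return -1;       /* at most one gap */
            gappos = n; p++;
        } else if (*p == '\0') return -1;     /* dangling ':' */
    }
    if (gappos < 0) return n == IPV6_WORDS ? 0 : -1;
    if (n >= IPV6_WORDS) return -1;           /* "::" must stand for >= 1 zero word */
    /* Slide the words after the gap to the end and zero the gap itself. */
    memmove(out + IPV6_WORDS - (n - gappos), out + gappos, sizeof *out * (size_t)(n - gappos));
    memset(out + gappos, 0, sizeof *out * (size_t)(IPV6_WORDS - n));
    return 0;
}

/* Word idx of the parsed address, or -1 if the text is rejected (test helper). */
int ipv6_word(const char *text, int idx) {
    unsigned short w[IPV6_WORDS];
    return (idx >= 0 && idx < IPV6_WORDS && ipv6_aton_checked(text, w) == 0) ? w[idx] : -1;
}
```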
SOLUTION:
Patches are available and fixes have been included in the current
source and the CVS repository.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches, only
to use those supplied by the vendor.
----------------------------------------------------------------------