Showing 1 - 3 of 3

CVE-2023-42114

Status Candidate

Overview

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-17433.

Related Files

Gentoo Linux Security Advisory 202402-18: Posted Feb 19, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42119, CVE-2023-51766; SHA-256 | baabebed21673e40b564e5721f4a8c2ad8b2d62a34a694a4ab0c3fd9b9eddfdc; Download | Favorite | View

Ubuntu Security Notice USN-6411-1: Posted Oct 5, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6411-1 - It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04.; tags | advisory, remote, arbitrary, code execution; systems | linux, ubuntu; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116; SHA-256 | 506117958a37b2eb9f9bacf8b26d11530bff0918c510d3826141d56eb87f8dfd; Download | Favorite | View

Debian Security Advisory 5512-1: Posted Oct 2, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.; tags | advisory, remote, vulnerability, code execution; systems | linux, debian; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116; SHA-256 | a28c2d03163448e0e92324757faf8e3aa4ac5645fdda00d5756c2bf6e82c4a31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 217 files
indoushka 135 files
Ubuntu 92 files
Gentoo 33 files
Debian 27 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Google Security Research 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,913)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,631)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,781)
UNIX (9,441)
UnixWare (187)
Windows (6,676)
Other

CVE-2023-42114

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems