TITLE:
Exim IPv6 Handling and SPA Authentication Vulnerabilities

SECUNIA ADVISORY ID:
SA13713

VERIFY ADVISORY:
http://secunia.com/advisories/13713/

CRITICAL:
Moderately critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

SOFTWARE:
Exim 4.x
http://secunia.com/product/841/

DESCRIPTION:
Two vulnerabilities have been reported in Exim, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.

1) A boundary error in the function "host_aton()" when handling IPv6 addresses may be exploited to cause a buffer overflow by supplying a specially crafted IPv6 address with more than 8 components to an unspecified command line option.

2) A boundary error in the function "spa_base64_to_bits()" when handling SPA authentication can be exploited to cause a buffer overflow.

Successful exploitation requires that SPA authentication is enabled.

The vulnerabilities have been reported in version 4.43 and prior.

SOLUTION:
Patches are available and fixes have been included in the current source and the CVS repository.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
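ADDED EXAMPLE:
The class of boundary check that item 1 concerns, as an added illustration that is not Exim's code and not the vendor patch. The function name parse_ipv6_groups() and the constant MAX_COMPONENTS are hypothetical; the parser assumes plain hex groups only, so dotted-quad suffixes and zone IDs are rejected as malformed.

```c
#include <ctype.h>
#include <string.h>

#define MAX_COMPONENTS 8  /* an IPv6 address has at most eight 16-bit groups */

/* Hypothetical helper (not Exim's host_aton()): parse a textual IPv6 address
 * into out[8]. Returns 0 on success, -1 on malformed input. The component
 * count is checked before every store, so an address with more than eight
 * components is rejected instead of writing past the fixed-size array. */
int parse_ipv6_groups(const char *addr, unsigned short out[MAX_COMPONENTS])
{
    unsigned short groups[MAX_COMPONENTS];
    int count = 0, gap = -1, head, tail, i;  /* gap: index where "::" sits */
    const char *p = addr;

    if (p == NULL) return -1;
    if (p[0] == ':') {                 /* a leading colon is valid only as "::" */
        if (p[1] != ':') return -1;
        gap = 0;
        p += 2;
    }
    while (*p != '\0') {
        unsigned v = 0;
        int digits = 0;
        if (count >= MAX_COMPONENTS) return -1;      /* the boundary check */
        while (isxdigit((unsigned char)*p)) {
            int c = tolower((unsigned char)*p++);
            if (++digits > 4) return -1;             /* group wider than 16 bits */
            v = v * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
        }
        if (digits == 0) return -1;                  /* empty or non-hex group */
        groups[count++] = (unsigned short)v;
        if (*p == '\0') break;
        if (*p++ != ':') return -1;
        if (*p == ':') {                             /* "::" zero-run marker */
            if (gap >= 0) return -1;                 /* only one "::" allowed */
            gap = count;
            p++;
        } else if (*p == '\0') return -1;            /* trailing single ':' */
    }
    if (gap < 0 ? count != MAX_COMPONENTS : count >= MAX_COMPONENTS) return -1;
    head = gap < 0 ? count : gap;      /* groups before the zero run */
    tail = count - head;               /* groups after it */
    memset(out, 0, MAX_COMPONENTS * sizeof out[0]);
    for (i = 0; i < head; i++) out[i] = groups[i];
    for (i = 0; i < tail; i++) out[MAX_COMPONENTS - tail + i] = groups[head + i];
    return 0;
}
```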