27984 – net-mail/exim

Bug 27984 - net-mail/exim

Summary: net-mail/exim

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-05 00:04 UTC by Daniel Ahlberg (RETIRED)
Modified:	2003-09-15 05:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2003-09-05 00:04:09 UTC

Package        : exim exim-tls 
Vulnerability  : buffer overflow 
Problem-Type   : remote 
Debian-specific: no 
CVE Ids        : CAN-2003-0743 
 
A buffer overflow exists in exim, which is the standard mail transport 
agent in Debian.  By supplying a specially crafted HELO or EHLO 
command, an attacker could cause a constant string to be written past 
the end of a buffer allocated on the heap.  This vulnerability is not 
believed at this time to be exploitable to execute arbitrary code.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2003-09-15 05:57:35 UTC

glsa sent