PT-2003-1836 · Exim · Exim

Nick Cleaton

Published

2003-09-06

Updated

2016-10-18

CVE-2003-0743

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Exim 3 versions prior to 3.36 Exim 4 versions prior to 4.21

Description: The issue is related to a heap-based buffer overflow in the smtp in.c file. This can be exploited by remote attackers who send an invalid HELO or EHLO argument with a large number of spaces, followed by a NULL character and a newline. The argument is not properly trimmed before being appended to the buffer, potentially allowing the execution of arbitrary code.

Recommendations: For Exim 3 versions prior to 3.36, update to version 3.36 or later. For Exim 4 versions prior to 4.21, update to version 4.21 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0743

DSA-376

Affected Products

Exim

PT-2003-1836 · Exim · Exim

CVE-2003-0743

Related Identifiers

Affected Products

References · 10