PT-2020-6048 · Exim+5 · Exim+5
Published
2020-10-20
·
Updated
2024-06-15
·
CVE-2020-28024
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Exim versions prior to 4.94.2
Description
The issue is related to the
smtp ungetc() function in the Exim mail transfer agent, which is vulnerable to buffer underwrite. This vulnerability may allow unauthenticated remote attackers to execute arbitrary commands. The problem arises because smtp ungetc() was intended to push back characters but can actually push back non-character error codes, such as EOF. The vulnerability is also described as an integer overflow, which can be exploited by sending a specially crafted request, allowing a remote attacker to execute arbitrary code.Recommendations
For Exim versions prior to 4.94.2, update to version 4.94.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the
smtp ungetc() function until a patch is applied.Exploit
Fix
Memory Corruption
Integer Underflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Exim
Linuxmint
Suse
Ubuntu