exim: buffer overflows

Package(s): exim
CVE #(s): CAN-2005-0021 CAN-2005-0022
Created: January 7, 2005
Updated: February 15, 2005
Description: A buffer overflow in the host_aton() function in Exim 4.4x may allow execution of arbitrary commands with elevated privileges by a local user. This has been patched in Exim 4.43.

Additionally, there is another buffer overflow in Exim's auth_spa_server(), which is also fixed in Exim 4.43.

Alerts:
Red Hat RHSA-2005:025-01 2005-02-15
Gentoo 200501-23 2005-01-12
Debian DSA-637-1 2005-01-13
Debian DSA-635-1 2005-01-12
Ubuntu USN-56-1 2005-01-07
Fedora FEDORA-2005-001 2005-01-06

exim: buffer overflows - they *do* affect 4.43

Posted Jan 13, 2005 9:42 UTC (Thu) by planet12 (guest, #4199)

Warning: the information above is not quite right - these patches are against 4.43. It is not, I repeat NOT, fixed in 4.43.

If you're running 4.43, or earlier, you will likely want the patches in the message linked below:

http://www.exim.org/mail-archives/exim-announce/2005/msg0...

(link here for convenience; it's also in the iSec advisory)
