Showing 1 - 3 of 3

CVE-2023-42115

Status Candidate

Overview

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434.

Related Files

Gentoo Linux Security Advisory 202402-18: Posted Feb 19, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42119, CVE-2023-51766; SHA-256 | baabebed21673e40b564e5721f4a8c2ad8b2d62a34a694a4ab0c3fd9b9eddfdc; Download | Favorite | View

Ubuntu Security Notice USN-6411-1: Posted Oct 5, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6411-1 - It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04.; tags | advisory, remote, arbitrary, code execution; systems | linux, ubuntu; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116; SHA-256 | 506117958a37b2eb9f9bacf8b26d11530bff0918c510d3826141d56eb87f8dfd; Download | Favorite | View

Debian Security Advisory 5512-1: Posted Oct 2, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.; tags | advisory, remote, vulnerability, code execution; systems | linux, debian; advisories | CVE-2023-42114, CVE-2023-42115, CVE-2023-42116; SHA-256 | a28c2d03163448e0e92324757faf8e3aa4ac5645fdda00d5756c2bf6e82c4a31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 79 files
Ubuntu 79 files
Debian 22 files
LiquidWorm 20 files
Google Security Research 8 files
Gentoo 7 files
malvuln 6 files
Emiliano Febbi 4 files
Seth Jenkins 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-42115

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems