Описание
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
An out-of-bounds write flaw was found in exim. The function fails to correctly handle situations when a backslash is the last character of the input string and incorrectly sets the pointer that is supposed to point to the last character of the escape sequence upon function exit. That leads to out-of-bounds read when the caller attempts to process the input string following the escape sequence. Additionally, this may lead to out-of-bounds write when unescaped string is written (to the same or different buffer).
Отчет
The flaw in the string_interpret_escape() function exists in the versions of Exim as shipped with Red Hat Enterprise Linux 5. However, it is not exposed to untrusted inputs and therefore it can not be exploited to achieve remote code execution. Refer to Red Hat Bugzilla bug 1748397 for further technical details: https://bugzilla.redhat.com/show_bug.cgi?id=1748397#c6 Exim mail server is not shipped with Red Hat Enterprise Linux 6, 7, and 8.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | exim | Will not fix |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
9.8 Critical
CVSS3