A heap-based buffer overflow flaw was found in Exim. The overflow can be triggered via specially crafted SMTP-protocol EHLO message, which may lead to unauthenticated remote code execution. It is thought that the execution of the remote code would be at the exim user level although execution as the root user cannot be ruled out.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | exim | 2019-10-18 23:22 | ALAS-2019-1310 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |