FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0021

This CVE name corresponds to:

Entered Topic
2005-01-05 exim -- two buffer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0021 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0021
Phase Assigned(20050104)

Description

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

References

Source Reference
IDEFENSE 20050107 Exim host_aton() Buffer Overflow Vulnerability
IDEFENSE 20050114 Exim dns_buld_reverse() Buffer Overflow Vulnerability
MLIST [exim] 20050104 2 smallish security issues
CONFIRM http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
DEBIAN DSA-635
DEBIAN DSA-637
GENTOO GLSA-200501-23
REDHAT RHSA-2005:025
CERT-VN VU#132992
OVAL oval:org.mitre.oval:def:10347

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.