FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0022

This CVE name corresponds to:

Entered Topic
2005-01-05 exim -- two buffer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0022 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0022
Phase Assigned(20050104)

Description

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

References

Source Reference
IDEFENSE 20050107 Exim auth_spa_server() Buffer Overflow Vulnerability
BUGTRAQ 20050212 exim auth_spa_server() PoC exploit
MLIST [exim] 20050104 2 smallish security issues
CONFIRM http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
GENTOO GLSA-200501-23
REDHAT RHSA-2005:025
BID 12188
OVAL oval:org.mitre.oval:def:11293

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.