FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exim -- two buffer overflow vulnerabilities

Affected packages
exim < 4.43+28_1
exim-ldap < 4.43+28_1
exim-ldap2 < 4.43+28_1
exim-mysql < 4.43+28_1
exim-postgresql < 4.43+28_1
exim-sa-exim < 4.43+28_1

Details

VuXML ID ca9ce879-5ebb-11d9-a01c-0050569f0001
Discovery 2005-01-05
Entry 2005-01-05
Modified 2005-01-18

1. The function host_aton() can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components.

2. The second report described a buffer overflow in the function spa_base64_to_bits(), which is part of the code for SPA authentication.
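The first issue above is a missing bound on the number of address components. As an added illustration (not Exim's code and not taken from this advisory), the sketch below parses colon-separated IPv6 groups into a fixed array of eight and rejects input with more components before any write past the array. The function name `parse_ipv6_groups` is hypothetical, and the parser deliberately skips `::` expansion and embedded IPv4 forms.

```c
#include <string.h>

#define MAX_COMPONENTS 8  /* an IPv6 address has at most eight 16-bit groups */

/* Hypothetical helper, not Exim's host_aton(): split the text form of an
 * IPv6 address on ':' and store each hex group in out[]. Returns the number
 * of groups stored, or -1 if the input is malformed or has too many groups. */
int parse_ipv6_groups(const char *text, unsigned short out[MAX_COMPONENTS])
{
    int count = 0;
    const char *p = text;

    for (;;) {
        /* The bound that matters for this bug class: refuse to write a
         * ninth element into the fixed-size array. */
        if (count >= MAX_COMPONENTS)
            return -1;

        size_t len = strcspn(p, ":");
        if (len > 4)
            return -1;                   /* a group is at most 4 hex digits */

        unsigned long value = 0;
        for (size_t i = 0; i < len; i++) {
            char c = p[i];
            int digit;
            if (c >= '0' && c <= '9') digit = c - '0';
            else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
            else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
            else return -1;              /* not a hex digit */
            value = value * 16 + (unsigned long)digit;
        }
        out[count++] = (unsigned short)value;  /* an empty group stores 0 */

        if (p[len] == '\0')
            return count;                /* end of input */
        p += len + 1;                    /* step over the ':' */
    }
}
```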

References

Bugtraq ID 12185
Bugtraq ID 12188
Bugtraq ID 12268
CVE Name CVE-2005-0021
CVE Name CVE-2005-0022
Message 1CE07882ECEE894CA2D5A89B8DEBC4011CFDE5@porgy.admin.idefense.com
Message Pine.SOC.4.61.0501041452540.1114@draco.cus.cam.ac.uk