Name | exim_heap_overflow |
---|---|
CVE | CVE-2018-6789 Exploit Pack |
VENDOR: Exim | |
NOTES: There is a buffer overflow in the b64decode function, this bug exists since the | |
first commit of exim, hence ALL versions are affected. This exploit uses the | |
SMTP method AUTH PLAIN in order to create a one-byte-overflow in the heap. |
This exploit has been tested on Ubuntu Server 16.04.5 LTS and Exim 4.86.2 with
AUTH PLAIN enabled (without STARTTLS).
VersionsAffected: All Exim versions below 4.90.1
Repeatability: Infinite
References: https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
Date public: 10/02/2018
CVSS: N/A