Lucene search

MitreCVE-2003-0743

HistoryOct 20, 2003 - 4:00 a.m.

CVE-2003-0743

2003-10-2004:00:00

mitre

web.nvd.nist.gov

cve-2003-0743

buffer overflow

exim

remote code execution

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.129

Percentile

95.5%

JSON

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the “(no argument given)” string is appended to the buffer.

Affected configurations

Nvd

Node

university_of_cambridgeeximMatch3.0

university_of_cambridgeeximMatch3.3

university_of_cambridgeeximMatch3.3.1

university_of_cambridgeeximMatch3.3.2

university_of_cambridgeeximMatch3.11

university_of_cambridgeeximMatch3.12

university_of_cambridgeeximMatch3.13

university_of_cambridgeeximMatch3.14

university_of_cambridgeeximMatch3.15

university_of_cambridgeeximMatch3.16

university_of_cambridgeeximMatch3.17

university_of_cambridgeeximMatch3.18

university_of_cambridgeeximMatch3.19

university_of_cambridgeeximMatch3.20

university_of_cambridgeeximMatch3.21

university_of_cambridgeeximMatch3.22

university_of_cambridgeeximMatch3.30

university_of_cambridgeeximMatch3.31

university_of_cambridgeeximMatch3.32

university_of_cambridgeeximMatch3.33

university_of_cambridgeeximMatch3.34

university_of_cambridgeeximMatch3.35

university_of_cambridgeeximMatch3.36

university_of_cambridgeeximMatch4.10

university_of_cambridgeeximMatch4.20

VendorProductVersionCPE
university_of_cambridgeexim3.0cpe:2.3:a:university_of_cambridge:exim:3.0:*:*:*:*:*:*:*
university_of_cambridgeexim3.3cpe:2.3:a:university_of_cambridge:exim:3.3:*:*:*:*:*:*:*
university_of_cambridgeexim3.3.1cpe:2.3:a:university_of_cambridge:exim:3.3.1:*:*:*:*:*:*:*
university_of_cambridgeexim3.3.2cpe:2.3:a:university_of_cambridge:exim:3.3.2:*:*:*:*:*:*:*
university_of_cambridgeexim3.11cpe:2.3:a:university_of_cambridge:exim:3.11:*:*:*:*:*:*:*
university_of_cambridgeexim3.12cpe:2.3:a:university_of_cambridge:exim:3.12:*:*:*:*:*:*:*
university_of_cambridgeexim3.13cpe:2.3:a:university_of_cambridge:exim:3.13:*:*:*:*:*:*:*
university_of_cambridgeexim3.14cpe:2.3:a:university_of_cambridge:exim:3.14:*:*:*:*:*:*:*
university_of_cambridgeexim3.15cpe:2.3:a:university_of_cambridge:exim:3.15:*:*:*:*:*:*:*
university_of_cambridgeexim3.16cpe:2.3:a:university_of_cambridge:exim:3.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
university_of_cambridge	exim	3.0	cpe:2.3:a:university_of_cambridge:exim:3.0:::::::*
university_of_cambridge	exim	3.3	cpe:2.3:a:university_of_cambridge:exim:3.3:::::::*
university_of_cambridge	exim	3.3.1	cpe:2.3:a:university_of_cambridge:exim:3.3.1:::::::*
university_of_cambridge	exim	3.3.2	cpe:2.3:a:university_of_cambridge:exim:3.3.2:::::::*
university_of_cambridge	exim	3.11	cpe:2.3:a:university_of_cambridge:exim:3.11:::::::*
university_of_cambridge	exim	3.12	cpe:2.3:a:university_of_cambridge:exim:3.12:::::::*
university_of_cambridge	exim	3.13	cpe:2.3:a:university_of_cambridge:exim:3.13:::::::*
university_of_cambridge	exim	3.14	cpe:2.3:a:university_of_cambridge:exim:3.14:::::::*
university_of_cambridge	exim	3.15	cpe:2.3:a:university_of_cambridge:exim:3.15:::::::*
university_of_cambridge	exim	3.16	cpe:2.3:a:university_of_cambridge:exim:3.16:::::::*

Rows per page:

1-10 of 251

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735

marc.info/?l=bugtraq&m=106252015820395&w=2

marc.info/?l=vuln-dev&m=106264740820334&w=2

packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog

packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog

www.debian.org/security/2003/dsa-376

www.exim.org/pipermail/exim-announce/2003q3/000094.html

www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html

www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.129

Percentile

95.5%

JSON

Related for CVE-2003-0743