Lucene search

[email protected]CVE-2004-0399

HistoryJul 07, 2004 - 4:00 a.m.

CVE-2004-0399

2004-07-0704:00:00

[email protected]

web.nvd.nist.gov

exim

stack-based buffer overflow

cve-2004-0399

sender verification

denial of service

remote attackers

arbitrary code

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.422 Medium

EPSS

Percentile

97.3%

JSON

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.

Affected configurations

NVD

Node

university_of_cambridgeexim

university_of_cambridgeeximMatch3.35

CPENameOperatorVersion
university_of_cambridge:eximuniversity of cambridge eximeq*
university_of_cambridge:eximuniversity of cambridge eximeq3.35

CPE	Name	Operator	Version
university_of_cambridge:exim	university of cambridge exim	eq	*
university_of_cambridge:exim	university of cambridge exim	eq	3.35

References

lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html

secunia.com/advisories/11558

www.debian.org/security/2004/dsa-501

www.debian.org/security/2004/dsa-502

www.guninski.com/exim1.html

exchange.xforce.ibmcloud.com/vulnerabilities/16079

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.422 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2004-0399

ubuntucve1 nvd1 debiancve1 cvelist1 nessus3 osv2 openvas4 debian4