Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-502
HistoryMay 11, 2004 - 12:00 a.m.

exim-tls - buffer overflow

2004-05-1100:00:00
Google
osv.dev
4

0.422 Medium

EPSS

Percentile

97.3%

JSON

Georgi Guninski discovered two stack-based buffer overflows in exim
and exim-tls. They cannot be exploited with the default
configuration from the Debian system, though. The Common
Vulnerabilities and Exposures project identifies the following
problems that are fixed with this update:

  • CAN-2004-0399
    When “sender_verify = true” is configured in exim.conf a buffer
    overflow can happen during verification of the sender. This
    problem is fixed in exim 4.

  • CAN-2004-0400
    When headers_check_syntax is configured in exim.conf a buffer
    overflow can happen during the header check. This problem does
    also exist in exim 4.

For the stable distribution (woody) these problems have been fixed in
version 3.35-3woody2.

The unstable distribution (sid) does not contain exim-tls anymore.
The functionality has been incorporated in the main exim versions
which have these problems fixed in version 3.36-11 for exim 3 and in
version 4.33-1 for exim 4.

We recommend that you upgrade your exim-tls package.

CPENameOperatorVersion
exim-tlseq3.35-3woody1

Related

nessus 6
openvas 8
osv 1
debian 4
cve 2
ubuntucve 2
cvelist 2
nvd 2
debiancve 2
gentoo 1
freebsd 1
suse 1
nessus
nessus
Debian DSA-502-1 : exim-tls - buffer overflow
2004-09-29 00:00:00
Debian DSA-501-1 : exim - buffer overflow
2004-09-29 00:00:00
Exim < 3.36 / 4.33 Multiple Remote Overflows
2004-05-06 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-501)
2008-01-17 00:00:00
Debian Security Advisory DSA 502-1 (exim-tls)
2008-01-17 00:00:00
Debian Security Advisory DSA 501-1 (exim)
2008-01-17 00:00:00
osv
osv
exim - buffer overflow
2004-05-07 00:00:00
debian
debian
[SECURITY] [DSA 501-1] New exim packages fix buffer overflows
2004-05-07 05:54:23
[SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows
2004-05-11 14:06:13
[SECURITY] [DSA 501-1] New exim packages fix buffer overflows
2004-05-07 05:54:23
cve
cve
CVE-2004-0399
2004-07-07 04:00:00
CVE-2004-0400
2004-07-07 04:00:00
ubuntucve
ubuntucve
CVE-2004-0399
2004-07-07 00:00:00
CVE-2004-0400
2004-07-07 00:00:00
cvelist
cvelist
CVE-2004-0400
2004-05-12 04:00:00
CVE-2004-0399
2004-05-12 04:00:00
nvd
nvd
CVE-2004-0399
2004-07-07 04:00:00
CVE-2004-0400
2004-07-07 04:00:00
debiancve
debiancve
CVE-2004-0399
2004-07-07 04:00:00
CVE-2004-0400
2004-07-07 04:00:00
gentoo
gentoo
Exim verify=header_syntax buffer overflow
2004-05-14 00:00:00
freebsd
freebsd
exim buffer overflow when verify = header_syntax is used
2004-05-06 00:00:00
suse
suse
local privilege escalation in mc
2004-05-14 14:09:57

0.422 Medium

EPSS

Percentile

97.3%

JSON
Related for OSV:DSA-502
nessus6openvas8osv1debian4cve2ubuntucve2cvelist2nvd2debiancve2gentoo1freebsd1suse1