Vulnerability CVE-2019-16928


Published: 2019-09-27

Description:
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Type:

CWE-120

(Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))

Vendor: EXIM
Product: EXIM 
Version:
4.92.2
4.92.1
4.92
Vendor: Canonical
Product: Ubuntu linux 
Version: 19.04;
Vendor: Debian
Product: Debian linux 
Version: 10;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.openwall.com/lists/oss-security/2019/09/28/1
http://www.openwall.com/lists/oss-security/2019/09/28/2
http://www.openwall.com/lists/oss-security/2019/09/28/3
http://www.openwall.com/lists/oss-security/2019/09/28/4
https://bugs.exim.org/show_bug.cgi?id=2449
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/
https://seclists.org/bugtraq/2019/Sep/60
https://usn.ubuntu.com/4141-1/
https://www.debian.org/security/2019/dsa-4536

Related CVE
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user...
CVE-2012-4385
letodms 3.3.6 has CSRF via change password
CVE-2012-4384
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
CVE-2011-1588
Thunar 1.2 through 1.2.1 could crash when copy and pasting a file name with % format characters due to a format string error.
CVE-2011-1488
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service ...
CVE-2011-1136
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
CVE-2011-1070
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
CVE-2011-0544
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

Copyright 2019, cxsecurity.com

 

Back to Top