Vulnerabilities > CVE-2003-0743 - Unspecified vulnerability in University of Cambridge Exim
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
Vulnerable Configurations
Nessus
NASL family SMTP problems NASL id EXIM_HEAP_OVERFLOW.NASL description According to its banner, the version of Exim running on the remote host has a remote heap-based buffer overflow vulnerability. A remote, unauthenticated attacker could potentially exploit this to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 11828 published 2003-09-02 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11828 title Exim < 4.22 smtp_in.c HELO/EHLO Remote Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(11828); script_version ("1.20"); script_cve_id("CVE-2003-0743"); script_bugtraq_id(8518); script_name(english:"Exim < 4.22 smtp_in.c HELO/EHLO Remote Overflow"); script_summary(english:"Checks the version of the remote Exim daemon"); script_set_attribute( attribute:"synopsis", value:"The remote SMTP server has a heap-based buffer overflow vulnerability." ); script_set_attribute( attribute:"description", value: "According to its banner, the version of Exim running on the remote host has a remote heap-based buffer overflow vulnerability. A remote, unauthenticated attacker could potentially exploit this to execute arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://lists.exim.org/lurker/message/20030814.083154.40b19dfb.html" ); script_set_attribute( attribute:"see_also", value:"https://lists.exim.org/lurker/message/20030815.092719.8a26db10.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Exim 4.21 or later, or apply the appropriate patches." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/09/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/08/14"); script_cvs_date("Date: 2018/07/10 14:27:33"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:exim:exim"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"SMTP problems"); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_dependencie("smtpserver_detect.nasl"); script_require_ports("Services/smtp", 25); exit(0); } # # The script code starts here # include("smtp_func.inc"); port = get_kb_item("Services/smtp"); if(!port)port = 25; banner = get_smtp_banner(port:port); if(!banner)exit(0); if(egrep(pattern:"220.*Exim ([0-3]\.|4\.([0-9][^0-9]|1[0-9][^0-9]|2[01][^0-9]))", string:banner))security_hole(port);NASL family Debian Local Security Checks NASL id DEBIAN_DSA-376.NASL description A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15213 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15213 title Debian DSA-376-2 : exim - buffer overflow
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735
- http://marc.info/?l=bugtraq&m=106252015820395&w=2
- http://marc.info/?l=vuln-dev&m=106264740820334&w=2
- http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
- http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
- http://www.debian.org/security/2003/dsa-376
- http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html