The Exim Mail Transfer Agent (MTA) contains a buffer overflow that allows a local attacker to execute arbitrary code.
Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer overflow to occur in Exim. If a local attacker supplies the Exim with a specially crafted command line options, that attacker may be able to cause a buffer overflow in the dns_build_reverse()routine.
According to public reports, this vulnerability exists in Exim versions prior to 4.44.
A local attacker may be able to execute arbitrary code with elevated (root) privileges.
Hewlett-Packard Company Unknown
Ingrian Networks Unknown
MontaVista Software Unknown
Red Hat Inc. Unknown
University of Cambridge Unknown
This vulnerability was reported by iDEFENSE Inc.
This document was written by Jeff Gennari.
|Date First Published:||2005-01-27|
|Date Last Updated:||2005-01-28 20:18 UTC|