Intrusion Prevention

SMTP.MailFrom.Command.Buffer.Overflow

Description

This vulnerability affects the Exim mail transfer agent. The vulnerability is the result of an unchecked buffer in the sender verification code. A remote attacker could send a specially crafted email to cause a buffer overflow, possibly resulting in a denial of service or execution of arbitrary code. For this attack to be possible, sender_verify in exim.conf must be enabled.

Affected Products

University of Cambridge Exim 3.35.
University of Cambridge Exim 4.32.

Impact

System compromise, denial of service, execution of arbitrary code.

Recommended Actions

Upgrade to Exim 4.33-1 or later.

CVE References

CVE-2004-0399
