CVE-2003-0743: Buffer Overflow
First published: Sat Sep 06 2003(Updated: )
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| University of Cambridge Exim | =3.21 | |
| University of Cambridge Exim | =3.19 | |
| University of Cambridge Exim | =3.34 | |
| University of Cambridge Exim | =3.15 | |
| University of Cambridge Exim | =3.11 | |
| University of Cambridge Exim | =3.18 | |
| University of Cambridge Exim | =3.12 | |
| University of Cambridge Exim | =3.13 | |
| University of Cambridge Exim | =3.17 | |
| University of Cambridge Exim | =3.16 | |
| University of Cambridge Exim | =3.3.1 | |
| University of Cambridge Exim | =3.3.2 | |
| University of Cambridge Exim | =3.36 | |
| University of Cambridge Exim | =4.10 | |
| University of Cambridge Exim | =3.20 | |
| University of Cambridge Exim | =3.32 | |
| University of Cambridge Exim | =3.33 | |
| University of Cambridge Exim | =3.0 | |
| University of Cambridge Exim | =3.30 | |
| University of Cambridge Exim | =3.31 | |
| University of Cambridge Exim | =4.20 | |
| University of Cambridge Exim | =3.14 | |
| University of Cambridge Exim | =3.22 | |
| University of Cambridge Exim | =3.3 | |
| University of Cambridge Exim | =3.35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2003/dsa-376
- http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html
- http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html
- http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
- http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735
- http://marc.info/?l=bugtraq&m=106252015820395&w=2
- http://marc.info/?l=vuln-dev&m=106264740820334&w=2
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/university of cambridge
- canonical/university of cambridge exim
- version/university of cambridge exim/3.21
- version/university of cambridge exim/3.19
- version/university of cambridge exim/3.34
- version/university of cambridge exim/3.15
- version/university of cambridge exim/3.11
- version/university of cambridge exim/3.18
- version/university of cambridge exim/3.12
- version/university of cambridge exim/3.13
- version/university of cambridge exim/3.17
- version/university of cambridge exim/3.16
- version/university of cambridge exim/3.3.1
- version/university of cambridge exim/3.3.2
- version/university of cambridge exim/3.36
- version/university of cambridge exim/4.10
- version/university of cambridge exim/3.20
- version/university of cambridge exim/3.32
- version/university of cambridge exim/3.33
- version/university of cambridge exim/3.0
- version/university of cambridge exim/3.30
- version/university of cambridge exim/3.31
- version/university of cambridge exim/4.20
- version/university of cambridge exim/3.14
- version/university of cambridge exim/3.22
- version/university of cambridge exim/3.3
- version/university of cambridge exim/3.35