First published: Thu Feb 08 2018(Updated: )
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Exim Exim | <4.90.1 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
debian/exim4 | <=4.90-1<=4.80-1 | 4.90.1-1 4.89-2+deb9u3 4.84.2-2+deb8u5 |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Exim Exim | ||
debian/exim4 | 4.94.2-7+deb11u3 4.94.2-7+deb11u4 4.96-15+deb12u6 4.96-15+deb12u5 4.98-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6789 is a vulnerability in Exim that can result in a buffer overflow, allowing remote code execution.
The severity level of CVE-2018-6789 is critical, with a CVSS score of 9.8.
Exim versions up to and exclusive of 4.90.1, Debian Linux 7.0 to 9.0, and Ubuntu Linux 14.04 to 17.10 are affected by CVE-2018-6789.
To fix CVE-2018-6789, users should update to Exim version 4.90.1 or later, or apply the appropriate patches provided by Debian or Ubuntu.
More information about CVE-2018-6789 can be found at the Debian Security Tracker, MITRE CVE website, and the Exim website.