Exim Sender Verification Remote Stack Buffer Overrun Vulnerability

Exim has been reported prone to a remotely exploitable stack-based buffer overrun vulnerability.

This is exposed if sender verification has been enabled in the agent and may be triggered by a malicious e-mail. Exploitation may permit execution of arbitrary code in the content of the mail transfer agent.

This issue is reported in exist in Exim 3.35. Earlier versions may also be affected.

It should be noted that the vulnerable functionality is not enabled in the default install, though some Linux/Unix distributions that ship the software may enable it.


 

Privacy Statement
Copyright 2010, SecurityFocus