• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Exim SPA Authentication Remote Buffer Overflow Vulnerability

Exim is reported susceptible to a buffer overflow vulnerability when attempting to authenticate remote users via SPA. This issue is due to a failure of the application to properly bounds check user-supplied input prior to copying it to a fixed-size memory buffer.

This vulnerability reportedly allows remote attackers to execute arbitrary code in the context of the affected server application. This issue is only exploitable if SPA authentication is configured to be used. SPA authentication is not enabled by default.