Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability

Exim is reportedly prone to a remotely exploitable stack-based buffer overrun vulnerability.

This issue is exposed if header syntax checking has been enabled in the agent, and it may be triggered by a malicious e-mail. Exploitability has not been confirmed; if the condition were exploited, it would result in execution of arbitrary code in the context of the mail transfer agent. Otherwise, the agent would crash when handling malformed syntax in an e-mail message.

The issue is reported to exist in both Exim 3.35 and 4.32, though the vulnerable code exists in different source files in each of these versions.

It should be noted that the vulnerable functionality is not enabled in the default install, though some Linux/Unix distributions that ship the software may enable it.


Copyright 2010, SecurityFocus