Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exim CVE-2019-16928 RCE #69811

Closed
fpletz opened this issue Sep 28, 2019 · 2 comments
Closed

exim CVE-2019-16928 RCE #69811

fpletz opened this issue Sep 28, 2019 · 2 comments
Labels
1.severity: security 9.needs: package (update)
Milestone
19.09

Comments

@fpletz
Copy link
Member

fpletz commented Sep 28, 2019

There is a heap-based buffer overflow in string_vformat (string.c).
The currently known exploit uses a extraordinary long EHLO string to
crash the Exim process that is receiving the message. While at this
mode of operation Exim already dropped its privileges, other paths to
reach the vulnerable code may exist.

Version 4.92.3 will be released in the next 48 hours.

References:
@fpletz fpletz added this to the 19.09 milestone Sep 28, 2019
This was referenced Sep 30, 2019
Merged
Closed
Closed
@pacien
Copy link
Contributor

pacien commented Sep 30, 2019

@fpletz
Copy link
Member Author

fpletz commented Oct 2, 2019

Pushed to master and backported to 19.09 and 19.03. Thanks!

@fpletz fpletz closed this as completed Oct 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security 9.needs: package (update)
Projects
None yet
Milestone
19.09
Development

No branches or pull requests
2 participants
@fpletz @pacien