Executive Summary

Summary
Title : exim4 security update
Informations
Name : DSA-4517
First vendor Publication : 2019-09-06
Vendor : Debian
Last vendor Modification : 2019-09-06
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

For the oldstable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u6.

For the stable distribution (buster), this problem has been fixed in version 4.92-8+deb10u2.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4

Original Source

Url : http://www.debian.org/security/2019/dsa-4517

CWE : Common Weakness Enumeration

CWE-119 : Failure to Constrain Operations within the Bounds of a Memory Buffer (100 %)

CPE : Common Platform Enumeration

Type : Application, Count : 133
Type : Os, Count : 3

Alert History

Date : Informations
2019-09-06 21:22:29 : Multiple Updates
2019-09-06 17:22:17 : Multiple Updates
2019-09-06 13:18:57 : First insertion