CVE-2005-0022 - OpenCVE

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
University Of Cambridge	Exim

Configuration 1 [-]

OR	cpe:2.3:a:university_of_cambridge:exim::::::::
	cpe:2.3:a:university_of_cambridge:exim:4.41:::::::*
	cpe:2.3:a:university_of_cambridge:exim:4.42:::::::*

References

Link	Resource
http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
http://marc.info/?l=bugtraq&m=110824870908614&w=2
http://security.gentoo.org/glsa/glsa-200501-23.xml	Vendor Advisory
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html	Patch
http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities
http://www.redhat.com/support/errata/RHSA-2005-025.html	Patch
http://www.securityfocus.com/bid/12188
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-01-06T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-01-04T00:00:00

Link: CVE-2005-0022

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-10-11T01:29:48.530

Link: CVE-2005-0022

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:11293", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44"}, {"name": "20050212 exim auth_spa_server() PoC exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110824870908614&w=2"}, {"name": "12188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12188"}, {"name": "RHSA-2005:025", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-025.html"}, {"name": "20050107 Exim auth_spa_server() Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities"}, {"name": "GLSA-200501-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200501-23.xml"}, {"name": "[exim] 20050104 2 smallish security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11293", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293"}, {"name": "http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44", "refsource": "CONFIRM", "url": "http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44"}, {"name": "20050212 exim auth_spa_server() PoC exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110824870908614&w=2"}, {"name": "12188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12188"}, {"name": "RHSA-2005:025", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-025.html"}, {"name": "20050107 Exim auth_spa_server() Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities"}, {"name": "GLSA-200501-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200501-23.xml"}, {"name": "[exim] 20050104 2 smallish security issues", "refsource": "MLIST", "url": "http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0022", "datePublished": "2005-01-06T05:00:00", "dateReserved": "2005-01-04T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:university_of_cambridge:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F9C6432-7FDB-4DF9-A1D8-ED454D9FE322", "versionEndIncluding": "4.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_cambridge:exim:4.41:*:*:*:*:*:*:*", "matchCriteriaId": "A11FE354-D770-43E4-85EF-582BCC344D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_cambridge:exim:4.42:*:*:*:*:*:*:*", "matchCriteriaId": "CF7F88AF-13F0-4236-A87E-52768636A972", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication."}], "id": "CVE-2005-0022", "lastModified": "2017-10-11T01:29:48.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110824870908614&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200501-23.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html"}, {"source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2005-025.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12188"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}