The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/11/25/1 | Mailing List |
http://openwall.com/lists/oss-security/2017/11/25/2 | Mailing List |
http://openwall.com/lists/oss-security/2017/11/25/3 | Mailing List |
http://www.openwall.com/lists/oss-security/2021/05/04/7 | |
http://www.securitytracker.com/id/1039873 | Third Party Advisory VDB Entry |
https://bugs.exim.org/show_bug.cgi?id=2201 | Exploit Issue Tracking |
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html | Mailing List |
https://www.debian.org/security/2017/dsa-4053 | Third Party Advisory |
https://www.exploit-db.com/exploits/43184/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-25T17:00:00
Updated: 2021-05-04T17:06:41
Reserved: 2017-11-25T00:00:00
Link: CVE-2017-16944
JSON object: View
NVD Information
Status : Modified
Published: 2017-11-25T17:29:00.307
Modified: 2021-05-04T18:15:08.297
Link: CVE-2017-16944
JSON object: View
Redhat Information
No data.
CWE