
Test ID:1.3.6.1.4.1.25623.1.0.853799
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for exim (openSUSE-SU-2021:0677-1)
Summary:The remote host is missing an update for the 'exim' package(s) announced via the openSUSE-SU-2021:0677-1 advisory.
Description:

Vulnerability Insight:
This update for exim fixes the following issues:


Exim was updated to exim-4.94.2 (security update, boo#1185631):

* CVE-2020-28007: Link attack in Exim's log directory

* CVE-2020-28008: Assorted attacks in Exim's spool directory

* CVE-2020-28014: Arbitrary PID file creation

* CVE-2020-28011: Heap buffer overflow in queue_run()

* CVE-2020-28010: Heap out-of-bounds write in main()

* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()

* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()

* CVE-2020-28015: New-line injection into spool header file (local)

* CVE-2020-28012: Missing close-on-exec flag for privileged pipe

* CVE-2020-28009: Integer overflow in get_stdinput()

* CVE-2020-28017: Integer overflow in receive_add_recipient()

* CVE-2020-28020: Integer overflow in receive_msg()

* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()

* CVE-2020-28021: New-line injection into spool header file (remote)

* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()

* CVE-2020-28026: Line truncation and injection in spool_read_header()

* CVE-2020-28019: Failure to reset function pointer after BDAT error

* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()

* CVE-2020-28018: Use-after-free in tls-openssl.c

* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

Update to exim-4.94.1:

The CVE-2020-XXXXX labels in the entries below are the placeholder names
Qualys used before CVE IDs were assigned; the assigned IDs, as listed in the
references, follow in parentheses.

* Fix security issue in BDAT state confusion. Ensure we reset the known-good
state wherever we know we must not be reading BDAT data, as a general-case
fix, and move the places where we switch to BDAT mode until after the
various protocol state checks. Fixes CVE-2020-BDATA (CVE-2020-28019)
reported by Qualys.

* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT, i.e.
CVE-2020-28022).

* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list). Fixes CVE-2020-RCPTL
(CVE-2020-28017) reported by Qualys.

* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in
parse_fix_phrase()

* Fix security issue CVE-2020-PFPSN (CVE-2020-28013) and guard against a
command-line invoker providing a particularly obnoxious sender full name.

* Fix Linux security issue CVE-2020-SLCWD (CVE-2020-28010) and guard
against PATH_MAX better.

- bring back missing exim_db.8 manual page (fixes boo#1173693)

Description truncated. Please see the references for more information.

Affected Software/OS:
'exim' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).
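The test above is a local package check, so the practical question for an operator is how to confirm the fix is actually present. The following is an added shell example, not part of the Greenbone test or the openSUSE advisory. It assumes only what the advisory states (the fixed upstream version is 4.94.2 and the advisory covers CVE-2020-28007 through CVE-2020-28026); the rpm queries named in the comments are standard rpm options, and every sample input (versions, SMTP banner, changelog text) is constructed for illustration rather than captured from a host.

```shell
#!/bin/sh
# Added example, not part of the Greenbone test or the openSUSE advisory.
# Local verification that an openSUSE Leap 15.2 host carries the exim fix
# from openSUSE-SU-2021:0677-1, using two independent signals:
#   1. upstream version: the advisory says exim was updated to 4.94.2
#   2. package changelog: it should name every CVE the advisory lists
# plus a helper that reads the version an SMTP greeting announces.
# All sample inputs at the bottom are constructed, not captured from a host.

FIXED_VERSION="4.94.2"

# The twenty Qualys-reported CVEs in the advisory: CVE-2020-28007..28026.
ADVISORY_CVES=$(i=28007; while [ "$i" -le 28026 ]; do
    printf 'CVE-2020-%s\n' "$i"; i=$((i + 1)); done)

# vercmp A B: print -1, 0 or 1 for A < B, A = B, A > B on dotted versions.
# Only the leading digits of each component count, so "4.94.2~rc1" compares
# as 4.94.2; treat such pre-release strings as unverified, not as fixed.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}              # first component of each
        ah=${ah%%[!0-9]*}; bh=${bh%%[!0-9]*}  # drop any non-numeric tail
        ah=${ah:-0}; bh=${bh:-0}              # missing component counts as 0
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return 0; fi
        case $a in *.*) a=${a#*.};; *) a=;; esac
        case $b in *.*) b=${b#*.};; *) b=;; esac
    done
    printf '%s\n' 0
}

# exim_version_fixed VERSION: succeed when VERSION is 4.94.2 or later.
# Feed it the output of: rpm -q --queryformat '%{VERSION}\n' exim
exim_version_fixed() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# banner_version LINE: print the version from an SMTP greeting such as
# "220 mx.example.test ESMTP Exim 4.93 ...", or nothing if no Exim version
# is announced. Operators can change the banner, so this is a hint only.
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^220[ -].*Exim \([0-9][0-9.]*\).*/\1/p'
}

# changelog_missing_cves TEXT: print each advisory CVE not mentioned in TEXT
# (for example the output of: rpm -q --changelog exim). Prints nothing when
# the changelog names all twenty, which is the signal to trust on
# distributions that backport fixes without bumping the upstream version.
changelog_missing_cves() {
    for cve in $ADVISORY_CVES; do
        case $1 in *"$cve"*) ;; *) printf '%s\n' "$cve" ;; esac
    done
}

# --- constructed sample inputs ---------------------------------------------
SAMPLE_OLD_VERSION="4.93"
SAMPLE_NEW_VERSION="4.94.2"
SAMPLE_BANNER="220 mx.example.test ESMTP Exim 4.93 Mon, 03 May 2021 10:00:00 +0000"
# A changelog that names all advisory CVEs except CVE-2020-28026, to show
# that an incomplete backport is reported rather than silently accepted.
SAMPLE_CHANGELOG="* Tue May 04 2021 - security update (boo#1185631):"
for cve in $ADVISORY_CVES; do
    [ "$cve" = "CVE-2020-28026" ] || SAMPLE_CHANGELOG="$SAMPLE_CHANGELOG $cve"
done

for v in "$SAMPLE_OLD_VERSION" "$SAMPLE_NEW_VERSION"; do
    if exim_version_fixed "$v"; then
        echo "exim $v: at or above $FIXED_VERSION"
    else
        echo "exim $v: VULNERABLE, below $FIXED_VERSION"
    fi
done
echo "banner announces Exim $(banner_version "$SAMPLE_BANNER")"
missing=$(changelog_missing_cves "$SAMPLE_CHANGELOG")
if [ -z "$missing" ]; then
    echo "changelog names all advisory CVEs"
else
    echo "changelog lacks: $missing"
fi
```

On a real Leap 15.2 host, pass `rpm -q --queryformat '%{VERSION}\n' exim` to `exim_version_fixed` and `rpm -q --changelog exim` to `changelog_missing_cves`. The version comparison alone is enough for this advisory because openSUSE shipped the upstream 4.94.2 release, but a version number never proves that a distribution's backported package contains a given fix, which is why the changelog check is the one to keep for other packaging schemes. The banner helper is only a remote hint: the greeting is operator-configurable and says nothing about backports.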

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-1000369
BugTraq ID: 99252
http://www.securityfocus.com/bid/99252
Debian Security Information: DSA-3888
http://www.debian.org/security/2017/dsa-3888
https://security.gentoo.org/glsa/201709-19
https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
http://www.securitytracker.com/id/1038779
Common Vulnerability Exposure (CVE) ID: CVE-2017-16943
Debian Security Information: DSA-4053
https://www.debian.org/security/2017/dsa-4053
http://openwall.com/lists/oss-security/2017/11/25/1
http://openwall.com/lists/oss-security/2017/11/25/2
http://openwall.com/lists/oss-security/2017/11/25/3
https://bugs.exim.org/show_bug.cgi?id=2199
https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://www.securitytracker.com/id/1039872
Common Vulnerability Exposure (CVE) ID: CVE-2017-16944
https://www.exploit-db.com/exploits/43184/
https://bugs.exim.org/show_bug.cgi?id=2201
http://www.securitytracker.com/id/1039873
Common Vulnerability Exposure (CVE) ID: CVE-2018-6789
BugTraq ID: 103049
http://www.securityfocus.com/bid/103049
Debian Security Information: DSA-4110
https://www.debian.org/security/2018/dsa-4110
https://www.exploit-db.com/exploits/44571/
https://www.exploit-db.com/exploits/45671/
http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
http://www.openwall.com/lists/oss-security/2018/02/07/2
http://www.securitytracker.com/id/1040461
https://usn.ubuntu.com/3565-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-16928
Bugtraq: 20190929 [SECURITY] [DSA 4536-1] exim4 security update
https://seclists.org/bugtraq/2019/Sep/60
Debian Security Information: DSA-4536
https://www.debian.org/security/2019/dsa-4536
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/
https://security.gentoo.org/glsa/202003-47
https://bugs.exim.org/show_bug.cgi?id=2449
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
http://www.openwall.com/lists/oss-security/2019/09/28/1
http://www.openwall.com/lists/oss-security/2019/09/28/2
http://www.openwall.com/lists/oss-security/2019/09/28/3
http://www.openwall.com/lists/oss-security/2019/09/28/4
https://usn.ubuntu.com/4141-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-12783
Debian Security Information: DSA-4687
https://www.debian.org/security/2020/dsa-4687
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html
https://usn.ubuntu.com/4366-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-28007
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28008
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28009
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28010
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt
http://www.openwall.com/lists/oss-security/2021/07/22/7
Common Vulnerability Exposure (CVE) ID: CVE-2020-28011
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28012
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28013
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28014
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28015
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28016
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28017
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28018
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt
http://www.openwall.com/lists/oss-security/2021/05/11/14
http://www.openwall.com/lists/oss-security/2021/05/11/15
http://www.openwall.com/lists/oss-security/2021/05/11/17
http://www.openwall.com/lists/oss-security/2021/05/11/6
http://www.openwall.com/lists/oss-security/2021/05/11/5
http://www.openwall.com/lists/oss-security/2021/05/12/2
http://www.openwall.com/lists/oss-security/2021/05/12/3
Common Vulnerability Exposure (CVE) ID: CVE-2020-28019
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28020
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt
http://www.openwall.com/lists/oss-security/2021/07/25/1
http://www.openwall.com/lists/oss-security/2021/08/03/1
Common Vulnerability Exposure (CVE) ID: CVE-2020-28021
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28022
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28023
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28024
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28025
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt
Common Vulnerability Exposure (CVE) ID: CVE-2020-28026
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt
Common Vulnerability Exposure (CVE) ID: CVE-2019-15846
Bugtraq: 20190906 [SECURITY] [DSA 4517-1] exim4 security update
https://seclists.org/bugtraq/2019/Sep/13
CERT/CC vulnerability note: VU#672565
https://www.kb.cert.org/vuls/id/672565
Debian Security Information: DSA-4517
https://www.debian.org/security/2019/dsa-4517
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/
https://security.gentoo.org/glsa/201909-06
http://exim.org/static/doc/security/CVE-2019-15846.txt
https://exim.org/static/doc/security/CVE-2019-15846.txt
https://www.openwall.com/lists/oss-security/2019/09/06/1
https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html
http://www.openwall.com/lists/oss-security/2019/09/06/2
http://www.openwall.com/lists/oss-security/2019/09/06/4
http://www.openwall.com/lists/oss-security/2019/09/06/5
http://www.openwall.com/lists/oss-security/2019/09/06/8
http://www.openwall.com/lists/oss-security/2019/09/07/2
http://www.openwall.com/lists/oss-security/2019/09/06/6
http://www.openwall.com/lists/oss-security/2019/09/07/1
http://www.openwall.com/lists/oss-security/2019/09/08/1
http://www.openwall.com/lists/oss-security/2019/09/09/1
SuSE Security Announcement: openSUSE-SU-2019:2093
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html
https://usn.ubuntu.com/4124-1/
https://usn.ubuntu.com/4124-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-13917
Bugtraq: 20190730 [SECURITY] [DSA 4488-1] exim4 security update
https://seclists.org/bugtraq/2019/Jul/51
Debian Security Information: DSA-4488
https://www.debian.org/security/2019/dsa-4488
http://www.openwall.com/lists/oss-security/2019/07/26/5
Common Vulnerability Exposure (CVE) ID: CVE-2019-10149
BugTraq ID: 108679
http://www.securityfocus.com/bid/108679
Bugtraq: 20190605 [SECURITY] [DSA 4456-1] exim4 security update
https://seclists.org/bugtraq/2019/Jun/5
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
Debian Security Information: DSA-4456
https://www.debian.org/security/2019/dsa-4456
http://seclists.org/fulldisclosure/2019/Jun/16
https://security.gentoo.org/glsa/201906-01
http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html
http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html
http://www.openwall.com/lists/oss-security/2019/06/05/2
http://www.openwall.com/lists/oss-security/2019/06/05/3
http://www.openwall.com/lists/oss-security/2019/06/05/4
http://www.openwall.com/lists/oss-security/2019/06/06/1
http://www.openwall.com/lists/oss-security/2019/07/25/6
http://www.openwall.com/lists/oss-security/2019/07/25/7
http://www.openwall.com/lists/oss-security/2019/07/26/4
SuSE Security Announcement: openSUSE-SU-2019:1524
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html
https://usn.ubuntu.com/4010-1/
Copyright:Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.