AVG-1911 log

Package exim
Status Fixed
Severity High
Type multiple issues
Affected 4.94-3
Fixed 4.94.2-1
Current 4.95-2 [community]
Ticket None
Created Tue May 4 13:46:53 2021
Issue Severity Remote Type Description
CVE-2020-28026 High Yes Arbitrary command execution
Exim 4 before 4.94.2 has improper neutralization of line delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN)....
CVE-2020-28025 Medium Yes Information disclosure
Exim 4 before 4.94.2 allows out-of-bounds read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len;...
CVE-2020-28024 High Yes Arbitrary command execution
Exim 4 before 4.94.2 allows buffer underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only...
CVE-2020-28023 Medium Yes Information disclosure
Exim 4 before 4.94.2 allows out-of-bounds read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
CVE-2020-28022 Medium Yes Arbitrary code execution
Exim 4 before 4.94.2 has improper restriction of write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within...
CVE-2020-28021 High Yes Arbitrary command execution
Exim 4 before 4.94.2 has improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file...
CVE-2020-28019 Medium Yes Denial of service
Exim 4 before 4.94.2 has improper initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of...
CVE-2020-28018 Medium Yes Arbitrary code execution
Exim 4 before 4.94.2 allows use after free in smtp_reset in certain situations that may be common for builds with OpenSSL.
CVE-2020-28017 Low Yes Arbitrary code execution
Exim 4 before 4.94.2 allows integer overflow to buffer overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote...
CVE-2020-28016 Low No Privilege escalation
Exim 4 before 4.94.2 allows an off-by-two out-of-bounds write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28015 Medium No Privilege escalation
Exim 4 before 4.94.2 has improper neutralization of line delimiters. Local users can alter the behavior of root processes because a recipient address can...
CVE-2020-28014 Medium No Arbitrary file overwrite
Exim 4 before 4.94.2 allows execution with unnecessary privileges. The -oP option is available to the exim user, and allows a denial of service because...
CVE-2020-28013 Medium No Privilege escalation
Exim 4 before 4.94.2 allows heap-based buffer overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any...
CVE-2020-28012 Medium No Privilege escalation
Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere because rda_interpret uses a privileged pipe that lacks a...
CVE-2020-28011 Medium No Privilege escalation
Exim 4 before 4.94.2 allows heap-based buffer overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
CVE-2020-28010 Medium No Privilege escalation
Exim 4 before 4.94.2 allows out-of-bounds writes because the main function, while setuid root, copies the current working directory pathname into a buffer...
CVE-2020-28009 Low No Privilege escalation
Exim 4 before 4.94.2 allows integer overflow to buffer overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a...
CVE-2020-28008 Medium No Arbitrary command execution
Exim 4 before 4.94.2 allows execution with unnecessary privileges. Because Exim operates as root in the spool directory (owned by a non- root user), an...
CVE-2020-28007 Medium No Arbitrary file overwrite
Exim 4 before 4.94.2 allows execution with unnecessary privileges. Because Exim operates as root in the log directory (owned by a non- root user), a symlink...