CVE-2020-28009 - log

CVE-2020-28009 edited at 06 May 2021 17:14:54
Description
- An integer overflow in get_stdinput() has been found in Exim before version 4.94.2. If exploitable, this vulnerability would allow an unprivileged local attacker to obtain full root privileges.
+ Exim 4 before 4.94.2 allows integer overflow to buffer overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).
CVE-2020-28009 edited at 04 May 2021 14:23:09
Severity
- Medium
+ Low
Type
- Arbitrary code execution
+ Privilege escalation
Description
- An integer overflow in get_stdinput() has been found in Exim before version 4.94.2.
+ An integer overflow in get_stdinput() has been found in Exim before version 4.94.2. If exploitable, this vulnerability would allow an unprivileged local attacker to obtain full root privileges.
CVE-2020-28009 edited at 04 May 2021 14:17:04
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/1241deaefb71c40436320af7d0bd04c7c9e54241
CVE-2020-28009 edited at 04 May 2021 13:53:31
Severity
- Low
+ Medium
CVE-2020-28009 edited at 04 May 2021 13:52:52
Type
- Arbitrary filesystem access
+ Arbitrary code execution
Description
- A security issue has been found in Exim before version 4.94.2 that allows for arbitrary PID file creation.
+ An integer overflow in get_stdinput() has been found in Exim before version 4.94.2.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
Notes
CVE-2020-28009 edited at 04 May 2021 13:52:04
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue has been found in Exim before version 4.94.2 that allows for arbitrary PID file creation.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28009 created at 04 May 2021 13:46:53