---

CVE-2020-28011 - log back

CVE-2020-28011 edited at 06 May 2021 17:16:22
Description	- A heap buffer overflow in queue_run() has been found in Exim before version 4.94.2. If exploitable, it would allow an attacker who obtained the privileges of the "exim" user to obtain full root privileges. + Exim 4 before 4.94.2 allows heap-based buffer overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.

CVE-2020-28011 edited at 04 May 2021 14:25:16
Type	- Arbitrary code execution + Privilege escalation
Description	- A heap buffer overflow in queue_run() has been found in Exim before version 4.94.2. + A heap buffer overflow in queue_run() has been found in Exim before version 4.94.2. If exploitable, it would allow an attacker who obtained the privileges of the "exim" user to obtain full root privileges.
References	https://www.openwall.com/lists/oss-security/2021/05/04/6 https://www.qualys.com/2021/05/04/21nails/21nails.txt + https://git.exim.org/exim.git/commitdiff/08102cbe8102f99b31655aa0e926c45b427efe6d
Notes

CVE-2020-28011 edited at 04 May 2021 13:54:02
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A heap buffer overflow in queue_run() has been found in Exim before version 4.94.2.
References	+ https://www.openwall.com/lists/oss-security/2021/05/04/6 + https://www.qualys.com/2021/05/04/21nails/21nails.txt

CVE-2020-28011 created at 04 May 2021 13:46:53