CVE-2020-28013 - log back

CVE-2020-28013 edited at 06 May 2021 17:17:42
Description
- A heap buffer overflow in parse_fix_phrase() has been found in Exim before version 4.94.2. If exploitable, it would allow an unprivileged local attacker to obtain full root privileges.
+ Exim 4 before 4.94.2 allows heap-based buffer overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
CVE-2020-28013 edited at 04 May 2021 14:28:14
Type
- Arbitrary code execution
+ Privilege escalation
Description
- A heap buffer overflow in parse_fix_phrase() has been found in Exim before version 4.94.2.
+ A heap buffer overflow in parse_fix_phrase() has been found in Exim before version 4.94.2. If exploitable, it would allow an unprivileged local attacker to obtain full root privileges.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/71585e8fcb8704a9f431f5a8d019280cccaad069
Notes
CVE-2020-28013 edited at 04 May 2021 13:56:01
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A heap buffer overflow in parse_fix_phrase() has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28013 created at 04 May 2021 13:46:53