CVE-2020-28021 - log

CVE-2020-28021 edited at 06 May 2021 17:27:02
Description
- A security issue has been found in Exim before version 4.94.2 that allows for an authenticated remote code execution as root using new-line injection into spool header files.
+ Exim 4 before 4.94.2 has improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
CVE-2020-28021 edited at 04 May 2021 14:46:26
Severity
- Low
+ High
Type
- Incorrect calculation
+ Arbitrary command execution
Description
- A security issue has been found in Exim before version 4.94.2 that allows for new-line injection into spool header files (remote).
+ A security issue has been found in Exim before version 4.94.2 that allows for an authenticated remote code execution as root using new-line injection into spool header files.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/fcddccd650178ceeec3655c6c40f420164a8706e
Notes
CVE-2020-28021 edited at 04 May 2021 14:03:57
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ A security issue has been found in Exim before version 4.94.2 that allows for new-line injection into spool header files (remote).
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28021 created at 04 May 2021 13:46:53