exim

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Message Transfer Agent
Version 4.95-2 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2272 4.95-2 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-38371 AVG-2272 High Yes Man-in-the-middle
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1912 4.91-2 4.92-1 High Fixed
AVG-1911 4.94-3 4.94.2-1 High Fixed
AVG-1038 4.92.2-1 4.92.3-1 Critical Fixed
AVG-1037 4.92.1-1 4.92.2-1 Critical Fixed
AVG-1011 4.92-1 4.92.1-1 Critical Fixed
AVG-982 4.91-1 4.92-1 Critical Fixed
AVG-608 4.90-3 4.90.1-1 High Fixed
AVG-518 4.89-1 4.89.1-1 Critical Fixed FS#56478
AVG-153 4.87-1 4.88-1 Medium Fixed FS#52221
Issue Group Severity Remote Type Description
CVE-2020-28026 AVG-1911 High Yes Arbitrary command execution
Exim 4 before 4.94.2 has improper neutralization of line delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN)....
CVE-2020-28025 AVG-1911 Medium Yes Information disclosure
Exim 4 before 4.94.2 allows out-of-bounds read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len;...
CVE-2020-28024 AVG-1911 High Yes Arbitrary command execution
Exim 4 before 4.94.2 allows buffer underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only...
CVE-2020-28023 AVG-1911 Medium Yes Information disclosure
Exim 4 before 4.94.2 allows out-of-bounds read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
CVE-2020-28022 AVG-1911 Medium Yes Arbitrary code execution
Exim 4 before 4.94.2 has improper restriction of write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within...
CVE-2020-28021 AVG-1911 High Yes Arbitrary command execution
Exim 4 before 4.94.2 has improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file...
CVE-2020-28020 AVG-1912 High Yes Arbitrary code execution
Exim 4 before 4.92 allows integer overflow to buffer overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the...
CVE-2020-28019 AVG-1911 Medium Yes Denial of service
Exim 4 before 4.94.2 has improper initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of...
CVE-2020-28018 AVG-1911 Medium Yes Arbitrary code execution
Exim 4 before 4.94.2 allows use after free in smtp_reset in certain situations that may be common for builds with OpenSSL.
CVE-2020-28017 AVG-1911 Low Yes Arbitrary code execution
Exim 4 before 4.94.2 allows integer overflow to buffer overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote...
CVE-2020-28016 AVG-1911 Low No Privilege escalation
Exim 4 before 4.94.2 allows an off-by-two out-of-bounds write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28015 AVG-1911 Medium No Privilege escalation
Exim 4 before 4.94.2 has improper neutralization of line delimiters. Local users can alter the behavior of root processes because a recipient address can...
CVE-2020-28014 AVG-1911 Medium No Arbitrary file overwrite
Exim 4 before 4.94.2 allows execution with unnecessary privileges. The -oP option is available to the exim user, and allows a denial of service because...
CVE-2020-28013 AVG-1911 Medium No Privilege escalation
Exim 4 before 4.94.2 allows heap-based buffer overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any...
CVE-2020-28012 AVG-1911 Medium No Privilege escalation
Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere because rda_interpret uses a privileged pipe that lacks a...
CVE-2020-28011 AVG-1911 Medium No Privilege escalation
Exim 4 before 4.94.2 allows heap-based buffer overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
CVE-2020-28010 AVG-1911 Medium No Privilege escalation
Exim 4 before 4.94.2 allows out-of-bounds writes because the main function, while setuid root, copies the current working directory pathname into a buffer...
CVE-2020-28009 AVG-1911 Low No Privilege escalation
Exim 4 before 4.94.2 allows integer overflow to buffer overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a...
CVE-2020-28008 AVG-1911 Medium No Arbitrary command execution
Exim 4 before 4.94.2 allows execution with unnecessary privileges. Because Exim operates as root in the spool directory (owned by a non- root user), an...
CVE-2020-28007 AVG-1911 Medium No Arbitrary file overwrite
Exim 4 before 4.94.2 allows execution with unnecessary privileges. Because Exim operates as root in the log directory (owned by a non- root user), a symlink...
CVE-2019-16928 AVG-1038 Critical Yes Arbitrary code execution
It has been discovered that Exim before 4.92.3 is vulnerable to a heap-based buffer overflow in string_vformat (string.c) involving a long EHLO command...
CVE-2019-15846 AVG-1037 Critical Yes Arbitrary command execution
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-13917 AVG-1011 Critical Yes Arbitrary code execution
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that...
CVE-2019-10149 AVG-982 Critical Yes Arbitrary code execution
A flaw was found in the way exim validated recipient addresses. A remote attacker could use this flaw to execute arbitrary commands on the exim server with...
CVE-2018-6789 AVG-608 High Yes Arbitrary code execution
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen....
CVE-2017-1000369 AVG-518 Medium No Denial of service
An uncontrolled resource consumption flaw has been discovered in Exim before 4.89.1. The use of multiple "-p" command line arguments which are malloc()'ed...
CVE-2017-16944 AVG-518 High Yes Denial of service
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack...
CVE-2017-16943 AVG-518 Critical Yes Arbitrary code execution
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2017-10140 AVG-518 Medium No Information disclosure
It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when calling db_create()...
CVE-2016-9963 AVG-153 Medium Yes Information disclosure
It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could...

Advisories

Date Advisory Group Severity Type
02 Oct 2019 ASA-201910-1 AVG-1038 Critical arbitrary code execution
06 Sep 2019 ASA-201909-3 AVG-1037 Critical arbitrary command execution
05 Aug 2019 ASA-201908-4 AVG-1011 Critical arbitrary code execution
12 Feb 2018 ASA-201802-6 AVG-608 High arbitrary code execution
30 Nov 2017 ASA-201711-32 AVG-518 Critical multiple issues