| Release Date | Oct 18, 2006 |
| Severity | Medium |
| Impact | Gain unauthorised access to the victim system. |
| Description | Exim has a stack-based buffer overflow. A remote attacker can execute arbitrary code with system privileges on the system running the service by sending a malicious e-mail. The flaw is exploitable only when "verify = header_syntax" is set in the exim.conf configuration file, which is not the default setting. |
| Affected Products | Exim 3.35, and other versions before 4 |
| Recommended Actions | Upgrade to the latest version of Exim (3.35-3woody2 or later). |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0399 |
| Reference/s | http://www.securityfocus.com/bid/10290 (BugTraq) |