Release DateOct 18, 2006 |
Severitymedium |
ImpactGain unauthorised access to the victim system. |
DescriptionExim has a stack-based buffer overflow. A remote attacker can execute arbitrary code on the system of the service with the system privilege via malicious e-mail. It is dependent on setting ?verify = header_syntax? in the exim.conf configuration file, which is not the default setting. |
Affected ProductsExim 3.35, and other versions before 4 |
Recommended ActionsUpgrade to the latest version of exim (3.35-3woody2 or later). |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2004-0399 |
Reference/shttp://www.securityfocus.com/bid/10290 (BugTraq) |