Exim.Verification.Header.Buffer.Overflow

description-logoDescription

Exim has a stack-based buffer overflow. A remote attacker can execute arbitrary code on the system of the service with the system privilege via malicious e-mail. It is dependent on setting ?verify = header_syntax? in the exim.conf configuration file, which is not the default setting.

affected-products-logoAffected Products

Exim 3.35, and other versions before 4

Impact logoImpact

Gain unauthorised access to the victim system.

recomended-action-logoRecommended Actions

Upgrade to the latest version of exim (3.35-3woody2 or later).

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)