blob: ddd6f9c11aad247449f5aa182134c4e62c4ad415 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
From cve-request@mitre.org Mon Sep 2 18:12:21 2019
Return-Path: <cve-request@mitre.org>
Authentication-Results: mx.net.schlittermann.de; iprev=pass
(smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234; spf=pass
smtp.mailfrom=mitre.org; dkim=pass header.d=mitre.org header.s=selector1
header.a=rsa-sha256; dmarc=pass header.from=mitre.org
From: cve-request@mitre.org
To: hs@schlittermann.de
Cc: cve-request@mitre.org
Subject: Re: [scr749683] one CVE
Date: Mon, 2 Sep 2019 12:12:12 -0400 (EDT)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO
> [Suggested description]
> The SMTP Delivery process in Exim 4.92.1 has a Buffer Overflow.
> In the default runtime configuration, this is exploitable with crafted
> Server Name Indication (SNI) data during a TLS negotiation. In other
> configurations, it is exploitable with a crafted client TLS certificate.
>
> ------------------------------------------
>
> [Additional Information]
> It's the first CVE I request, so if there is anything missing, please tell me
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Exim Development Team
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Exim - 4.92.1
>
> ------------------------------------------
>
> [Affected Component]
> SMTP Delivery process
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability the attacker needs a crafted client TLS
> certificate or a crafted SNI. While the first attack vector needs a
> non-default runtime configuration, the latter one should work with the
> default runtime config.
>
> ------------------------------------------
>
> [Discoverer]
> zerons zerons <sironhide0null@gmail.com>
>
> ------------------------------------------
>
> [Reference]
> http://exim.org/static/doc/security/CVE-2019-15846.txt
Use CVE-2019-15846.
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
|
