Project

General

Profile

Bug #7460

Bug #7459: Exim: Privilege escalation via multiple memory leaks (CVE-2017-1000369)

[3.7] exim: Privilege escalation via multiple memory leaks (CVE-2017-1000369)

Added by Alicha CH over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
06/29/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction
with other issues allows attackers to cause arbitrary code execution.

This affects exim version 4.89 and earlier.

Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21),
but it is not known if a new point release is available that addresses this issue at this time.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-1000369

Patch:

https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21

Associated revisions

Revision c36891f9 (diff)
Added by Natanael Copa over 1 year ago

community/exim: security fix for CVE-2017-1000369

fixes #7460

History

#1 Updated by Natanael Copa over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH over 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF