Vulnerability Name:

CVE-2005-0021 (CCN-16308)

Assigned: 2004-05-28
Published: 2004-05-28
Updated: 2017-10-11
Summary: Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: BugTraq Mailing List, Fri May 28 2004 - 18:02:48 CDT
EnderUNIX Security Anouncement (Isoqlog and Spamguard)

Source: MITRE
Type: CNA
CVE-2004-2571

Source: MITRE
Type: CNA
CVE-2005-0021

Source: CONFIRM
Type: UNKNOWN
http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44

Source: CCN
Type: RHSA-2005-025
exim security update

Source: CCN
Type: SA11741
Isoqlog Multiple Buffer Overflow Vulnerabilities

Source: GENTOO
Type: Vendor Advisory
GLSA-200501-23

Source: CCN
Type: SECTRACK ID: 1010292
Isoqlog Buffer Overflows May Let Remote Users Execute Arbitrary Code

Source: CCN
Type: CIAC Information Bulletin P-097
Debian Exim Buffer Overflow

Source: DEBIAN
Type: Vendor Advisory
DSA-635

Source: DEBIAN
Type: Vendor Advisory
DSA-637

Source: DEBIAN
Type: DSA-635
exim -- buffer overflow

Source: DEBIAN
Type: DSA-637
exim-tls -- buffer overflow

Source: CCN
Type: Isoqlog Web page
EnderUNIX Software Development Team

Source: MLIST
Type: UNKNOWN
[exim] 20050104 2 smallish security issues

Source: CCN
Type: GLSA-200501-23
Exim: Two buffer overflows

Source: IDEFENSE
Type: Vendor Advisory
20050107 Exim host_aton() Buffer Overflow Vulnerability

Source: IDEFENSE
Type: Exploit, Vendor Advisory
20050114 Exim dns_buld_reverse() Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#132992
Exim vulnerable to buffer overflow via the dns_build_reverse() routine

Source: CERT-VN
Type: Patch, US Government Resource
VU#132992

Source: CCN
Type: OSVDB ID: 23576
EnderUNIX isoqlog Dir.c Unspecified Function Overflow

Source: CCN
Type: OSVDB ID: 23577
EnderUNIX isoqlog loadconfig.c Multiple Function Overflow

Source: CCN
Type: OSVDB ID: 23578
EnderUNIX isoqlog LangCfg.c LoadLang Function Overflow

Source: CCN
Type: OSVDB ID: 23579
EnderUNIX isoqlog Html.c Unspecified Function Overflow

Source: CCN
Type: OSVDB ID: 6534
EnderUNIX isoqlog Parser.c Multiple Function Remote Overflow

Source: REDHAT
Type: Patch
RHSA-2005:025

Source: CCN
Type: BID-10433
Isoqlog Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: USN-56-1
exim4 vulnerabilities

Source: XF
Type: UNKNOWN
isoqlog-multiple-bo(16308)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10347

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:university_of_cambridge:exim:*:*:*:*:*:*:*:* (Version <= 4.40)
  • OR cpe:/a:university_of_cambridge:exim:4.41:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_cambridge:exim:4.42:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-0021 (CCN-18763)

    Assigned: 2005-01-04
    Published: 2005-01-04
    Updated: 2005-01-04
    Summary: Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
    CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences: Gain Privileges
    References:
    Source: MITRE
    Type: CNA
    CVE-2005-0021

    Source: CCN
    Type: RHSA-2005-025
    exim security update

    Source: CCN
    Type: CIAC Information Bulletin P-097
    Debian Exim Buffer Overflow

    Source: DEBIAN
    Type: DSA-635
    exim -- buffer overflow

    Source: DEBIAN
    Type: DSA-637
    exim-tls -- buffer overflow

    Source: CCN
    Type: Exim-Announce Mailing List, Tue, 4 Jan 2005 14:54:45 +0000 (GMT)
    [exim-announce] 2 smallish security issues

    Source: CCN
    Type: GLSA-200501-23
    Exim: Two buffer overflows

    Source: CCN
    Type: US-CERT VU#132992
    Exim vulnerable to buffer overflow via the dns_build_reverse() routine

    Source: CCN
    Type: BID-12185
    Exim Illegal IPv6 Address Buffer Overflow Vulnerability

    Source: CCN
    Type: USN-56-1
    exim4 vulnerabilities

    Source: XF
    Type: UNKNOWN
    exim-hostaton-bo(18763)

    Source: SUSE
    Type: SUSE-SR:2005:002
    SUSE Security Summary Report

    Vulnerable Configuration:
    Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:10347 | V | Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | 2013-04-29
    oval:com.redhat.rhsa:def:20050025 | P | RHSA-2005:025: exim security update (Moderate) | 2005-02-15
    oval:org.debian:def:637 | V | buffer overflow | 2005-01-13
    oval:org.debian:def:635 | V | buffer overflow | 2005-01-12
    university_of_cambridge exim *
    university_of_cambridge exim 4.41
    university_of_cambridge exim 4.42