Vulnerability Name:

CVE-2005-0022 (CCN-18764)

Assigned: 2005-01-04
Published: 2005-01-04
Updated: 2017-10-11
Summary: Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2005-0022

Source: CONFIRM
Type: UNKNOWN
http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44

Source: BUGTRAQ
Type: UNKNOWN
20050212 exim auth_spa_server() PoC exploit

Source: CCN
Type: RHSA-2005-025
exim security update

Source: GENTOO
Type: Vendor Advisory
GLSA-200501-23

Source: CCN
Type: Exim-Announce Mailing List, Tue, 4 Jan 2005 14:54:45 +0000 (GMT)
[exim-announce] 2 smallish security issues

Source: MLIST
Type: Patch
[exim] 20050104 2 smallish security issues

Source: CCN
Type: GLSA-200501-23
Exim: Two buffer overflows

Source: IDEFENSE
Type: UNKNOWN
20050107 Exim auth_spa_server() Buffer Overflow Vulnerability

Source: REDHAT
Type: Patch
RHSA-2005:025

Source: BID
Type: UNKNOWN
12188

Source: CCN
Type: BID-12188
Exim SPA Authentication Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-56-1
exim4 vulnerabilities

Source: XF
Type: UNKNOWN
exim-spabase64tobits-bo(18764)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11293

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:university_of_cambridge:exim:*:*:*:*:*:*:*:* (Version <= 4.40)
  • OR cpe:/a:university_of_cambridge:exim:4.41:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_cambridge:exim:4.42:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:11293 | V | Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | 2013-04-29
oval:com.redhat.rhsa:def:20050025 | P | RHSA-2005:025: exim security update (Moderate) | 2005-02-15
    university_of_cambridge exim *
    university_of_cambridge exim 4.41
    university_of_cambridge exim 4.42