{"vuid":"VU#132992","idnumber":"132992","name":"Exim vulnerable to buffer overflow via the dns_build_reverse() routine","keywords":["Exim Mail transfer Agent","dns_build_reverse()","buffer overflow","privilege escalation"],"overview":"The Exim Mail Transfer Agent (MTA) contains a buffer overflow that allows a local attacker to execute arbitrary code.","clean_desc":"Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer overflow to occur in Exim. If a local attacker supplies the Exim with a specially crafted command line options, that attacker may be able to cause a buffer overflow in the dns_build_reverse()routine. According to public reports, this vulnerability exists in Exim versions prior to 4.44.","impact":"A local attacker may be able to execute arbitrary code with elevated (root) privileges.","resolution":"Upgrade This issue has been addressed in Exim version 4.4.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \niDEFENSE Inc.","author":"This document was written by Jeff Gennari.","public":["http://www.idefense.com/application/poi/display?id=183&type=vulnerabilit&flashstatus=false","http://www.securitytracker.com/alerts/2005/Jan/1012904.html","http://secunia.com/advisories/13713/","http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html"],"cveids":["CVE-2005-0021"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-18T13:52:21Z","publicdate":"2005-01-14T00:00:00Z","datefirstpublished":"2005-01-27T19:52:47Z","dateupdated":"2005-01-28T20:18:04Z","revision":69,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"5","cam_attackeraccessrequired":"7","cam_scorecurrent":"2.75625","cam_scorecurrentwidelyknown":"3.15","cam_scorecurrentwidelyknownexploited":"5.775","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.75625,"vulnote":null}