Commit: c3aefacc HSHR

From cve-request@mitre.org Mon Sep 2 18:12:21 2019
Return-Path: <cve-request@mitre.org>
Authentication-Results: mx.net.schlittermann.de; iprev=pass
 (smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234; spf=pass
 smtp.mailfrom=mitre.org; dkim=pass header.d=mitre.org header.s=selector1
 header.a=rsa-sha256; dmarc=pass header.from=mitre.org
From: cve-request@mitre.org
To: hs@schlittermann.de
Cc: cve-request@mitre.org
Subject: Re: [scr749683] one CVE
Date: Mon, 2 Sep 2019 12:12:12 -0400 (EDT)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO

> [Suggested description]
> The SMTP Delivery process in Exim 4.92.1 has a Buffer Overflow.
> In the default runtime configuration, this is exploitable with crafted
> Server Name Indication (SNI) data during a TLS negotiation. In other
> configurations, it is exploitable with a crafted client TLS certificate.
>
> ------------------------------------------
>
> [Additional Information]
> It's the first CVE I request, so if there is anything missing, please tell me
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Exim Development Team
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Exim - 4.92.1
>
> ------------------------------------------
>
> [Affected Component]
> SMTP Delivery process
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability the attacker needs a crafted client TLS
> certificate or a crafted SNI. While the first attack vector needs a
> non-default runtime configuration, the latter one should work with the
> default runtime config.
>
> ------------------------------------------
>
> [Discoverer]
> zerons zerons <sironhide0null@gmail.com>
>
> ------------------------------------------
>
> [Reference]
> http://exim.org/static/doc/security/CVE-2019-15846.txt

Use CVE-2019-15846.


--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]