[exim.git] / doc / doc-txt / cve-2019-15846 / mitre.mbx

From cve-request@mitre.org Mon Sep  2 18:12:21 2019
Return-Path: <cve-request@mitre.org>
Authentication-Results: mx.net.schlittermann.de; iprev=pass
 (smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234; spf=pass
 smtp.mailfrom=mitre.org; dkim=pass header.d=mitre.org header.s=selector1
 header.a=rsa-sha256; dmarc=pass header.from=mitre.org
From: cve-request@mitre.org
To: hs@schlittermann.de
Cc: cve-request@mitre.org
Subject: Re: [scr749683] one CVE
Date: Mon,  2 Sep 2019 12:12:12 -0400 (EDT)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO

> [Suggested description]
> The SMTP Delivery process in Exim 4.92.1 has a Buffer Overflow.
> In the default runtime configuration, this is exploitable with crafted
> Server Name Indication (SNI) data during a TLS negotiation. In other
> configurations, it is exploitable with a crafted client TLS certificate.
> 
> ------------------------------------------
> 
> [Additional Information]
> It's the first CVE I request, so if there is anything missing, please tell me
> 
> ------------------------------------------
> 
> [Vulnerability Type]
> Buffer Overflow
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Exim Development Team
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> Exim - 4.92.1
> 
> ------------------------------------------
> 
> [Affected Component]
> SMTP Delivery process
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Code execution]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> To exploit the vulnerability the attacker needs a crafted client TLS
> certificate or a crafted SNI. While the first attack vector needs a
> non-default runtime configuration, the latter one should work with the
> default runtime config.
> 
> ------------------------------------------
> 
> [Discoverer]
> zerons zerons <sironhide0null@gmail.com>
> 
> ------------------------------------------
> 
> [Reference]
> http://exim.org/static/doc/security/CVE-2019-15846.txt

Use CVE-2019-15846.


-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
Commit	Line	Data
c3aefacc HSHR	1	From cve-request@mitre.org Mon Sep 2 18:12:21 2019
	2	Return-Path: <cve-request@mitre.org>
	3	Authentication-Results: mx.net.schlittermann.de; iprev=pass
	4	(smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234; spf=pass
	5	smtp.mailfrom=mitre.org; dkim=pass header.d=mitre.org header.s=selector1
	6	header.a=rsa-sha256; dmarc=pass header.from=mitre.org
	7	From: cve-request@mitre.org
	8	To: hs@schlittermann.de
	9	Cc: cve-request@mitre.org
	10	Subject: Re: [scr749683] one CVE
	11	Date: Mon, 2 Sep 2019 12:12:12 -0400 (EDT)
	12	MIME-Version: 1.0
	13	Content-Transfer-Encoding: 8bit
	14	Content-Type: text/plain; charset=utf-8
	15	Status: RO
	16
	17	> [Suggested description]
	18	> The SMTP Delivery process in Exim 4.92.1 has a Buffer Overflow.
	19	> In the default runtime configuration, this is exploitable with crafted
	20	> Server Name Indication (SNI) data during a TLS negotiation. In other
	21	> configurations, it is exploitable with a crafted client TLS certificate.
	22	>
	23	> ------------------------------------------
	24	>
	25	> [Additional Information]
	26	> It's the first CVE I request, so if there is anything missing, please tell me
	27	>
	28	> ------------------------------------------
	29	>
	30	> [Vulnerability Type]
	31	> Buffer Overflow
	32	>
	33	> ------------------------------------------
	34	>
	35	> [Vendor of Product]
	36	> Exim Development Team
	37	>
	38	> ------------------------------------------
	39	>
	40	> [Affected Product Code Base]
	41	> Exim - 4.92.1
	42	>
	43	> ------------------------------------------
	44	>
	45	> [Affected Component]
	46	> SMTP Delivery process
	47	>
	48	> ------------------------------------------
	49	>
	50	> [Attack Type]
	51	> Remote
	52	>
	53	> ------------------------------------------
	54	>
	55	> [Impact Code execution]
	56	> true
	57	>
	58	> ------------------------------------------
	59	>
	60	> [Attack Vectors]
	61	> To exploit the vulnerability the attacker needs a crafted client TLS
	62	> certificate or a crafted SNI. While the first attack vector needs a
	63	> non-default runtime configuration, the latter one should work with the
	64	> default runtime config.
65	>
66	> ------------------------------------------
67	>
68	> [Discoverer]
69	> zerons zerons <sironhide0null@gmail.com>
70	>
71	> ------------------------------------------
72	>
73	> [Reference]
74	> http://exim.org/static/doc/security/CVE-2019-15846.txt
75
76	Use CVE-2019-15846.
77
78
79	--
80	CVE Assignment Team
81	M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
82	[ A PGP key is available for encrypted communications at
83	http://cve.mitre.org/cve/request_id.html ]
84