Signature Detail

SMTP: Vulnerable Exim Version (3.0 through 4.20)

This signature detects EXIM MTA SMTP server versions 3.0 through 4.20, which contain buffer overflow vulnerabilities. Attackers can remotely execute malicious code on the server.

Extended Description

A heap corruption vulnerability has been discovered in Exim. The problem occurs due to insufficient bounds checking when handling user-supplied SMTP EHLO/HELO data. As a result, it may be possible to overrun the bounds of a heap memory buffer. Although it is believed to be unlikely, this could theoretically be exploited to execute arbitrary code with the privileges of Exim. It may also be possible to trigger a denial of service condition.

Affected Products

• University of Cambridge Exim 3.0.0
• University of Cambridge Exim 3.11.0
• University of Cambridge Exim 3.12.0
• University of Cambridge Exim 3.13.0
• University of Cambridge Exim 3.14.0
• University of Cambridge Exim 3.15.0
• University of Cambridge Exim 3.16.0
• University of Cambridge Exim 3.17.0
• University of Cambridge Exim 3.18.0
• University of Cambridge Exim 3.19.0
• University of Cambridge Exim 3.20.0
• University of Cambridge Exim 3.21.0
• University of Cambridge Exim 3.22.0
• University of Cambridge Exim 3.3.0
• University of Cambridge Exim 3.30.0
• University of Cambridge Exim 3.3.0 1
• University of Cambridge Exim 3.3.0 2
• University of Cambridge Exim 3.31.0
• University of Cambridge Exim 3.32.0
• University of Cambridge Exim 3.33.0
• University of Cambridge Exim 3.34.0
• University of Cambridge Exim 3.35.0
• University of Cambridge Exim 3.36.0
• University of Cambridge Exim 4.10.0
• University of Cambridge Exim 4.20.0

References

• BugTraq: 8518
• CVE: CVE-2003-0743
• URL: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735
• URL: http://www.debian.org/security/2003/dsa-376