A NOTE has been added to this issue. ====================================================================== https://www.opencsw.org/mantis/view.php?id=5317 ====================================================================== Reported By: barlavento Assigned To: ====================================================================== Project: exim Issue ID: 5317 Category: upgrade Reproducibility: unable to reproduce Severity: major Priority: normal Status: new ====================================================================== Date Submitted: 2018-03-09 16:32 CET Last Modified: 2018-03-21 16:31 CET ====================================================================== Summary: EXIM CVE-2018-6789 Description: CVE-2018-6789 =============
There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. A patch exists already and is being tested. Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known. Timeline (UTC) -------------- * 2018-02-05 Report from Meh Chang <m...@devco.re> via exim-security mailing list * 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) CVE-2018-6789 * 2018-02-07 Announcement to the public via exim-users, exim-maintainers mailing lists and on oss-security mailing list * 2018-02-08 16:50 Grant restricted access to the security repo for distro maintainers * 2018-02-09 One distro breaks the embargo * 2018-02-10 18:00 Grant public access to the our official git repo. ====================================================================== ---------------------------------------------------------------------- (0011273) barlavento (reporter) - 2018-03-21 16:31 https://www.opencsw.org/mantis/view.php?id=5317#c11273 ---------------------------------------------------------------------- I have to study on this, because this is new to me. Probably need to read some documentation first?
