

Severity
Medium
Analysis Summary
Exim is vulnerable to a heap-based buffer overflow caused by improper bounds checking in the string_vformat function in string.c. By sending an overly long EHLO string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Impact
Unauthorized Access
Affected Vendors
Exim
Affected Products
- Exim Exim 4.92
- Exim Exim 4.92.1
- Exim Exim 4.92.2
Remediation
Upgrade to the latest version of Exim (4.92.3 or later).
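
To check hosts against the Affected Products and Remediation entries above, the following added example (not part of the original advisory or of Exim) classifies an Exim version taken from `exim -bV` output or an SMTP greeting banner. The function names, the sample banners and the `not-listed` label for versions older than 4.92 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify an Exim version against this advisory's lists.

# Pull the version out of `exim -bV` output or an SMTP greeting banner.
exim_version_from_text() {
    printf '%s\n' "$1" |
        sed -nE 's/.*Exim( version)? ([0-9]+(\.[0-9]+){1,2}).*/\2/p' | head -n 1
}

# True when dotted version $1 >= $2, comparing up to three numeric fields.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# affected   = listed under Affected Products (4.92, 4.92.1, 4.92.2)
# fixed      = 4.92.3 or later, per Remediation
# not-listed = older than 4.92; the advisory says nothing about these
classify_exim_version() {
    case "$1" in
        "") echo unknown ;;
        4.92|4.92.1|4.92.2) echo affected ;;
        *) if version_ge "$1" 4.92.3; then echo fixed; else echo not-listed; fi ;;
    esac
}

# Print "<version> <status>" for one banner or version string.
check_exim() (
    ver=$(exim_version_from_text "$1")
    printf '%s %s\n' "${ver:-?}" "$(classify_exim_version "$ver")"
)

# Constructed sample inputs (not captured from real hosts).
check_exim 'Exim version 4.92.2 #3 built 10-Sep-2019 12:00:00'
check_exim '220 mx.example.test ESMTP Exim 4.92.3 Tue, 01 Oct 2019 10:00:00 +0000'

# Local install, if present (binary name `exim` is an assumption; Debian uses exim4).
if command -v exim >/dev/null 2>&1; then
    check_exim "$(exim -bV 2>/dev/null | head -n 1)"
fi
```

A banner can be edited or hidden by the mail administrator, so treat a banner-derived result as an inventory hint and confirm with the installed package version.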