November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Defense Contractor Themed Spearphishing
October 1, 2019Rewterz Threat Advisory – CVE-2019-6008 – ICS: Yokogawa Products Vulnerability
October 2, 2019Rewterz Threat Alert – Defense Contractor Themed Spearphishing
October 1, 2019Rewterz Threat Advisory – CVE-2019-6008 – ICS: Yokogawa Products Vulnerability
October 2, 2019
Severity
Medium
Analysis Summary
Exim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the string_vformat function in string.c. By sending an overly-long EHLO string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Impact
Unauthorized Access
Affected Vendors
Exim
Affected Products
- Exim Exim 4.92
- Exim Exim 4.92.1
- Exim Exim 4.92.2
Remediation
Upgrade to the latest version of Exim (4.92.3 or later)