SB2017070413 - Memory corruption in exim (Alpine package) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017070413

SB2017070413 - Memory corruption in exim (Alpine package)

Published: July 4, 2017

Security Bulletin ID SB2017070413
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Memory corruption (CVE-ID: CVE-2017-1000369)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to memory management errors in implementation of various functions under multiple operating systems. A local or remote attacker can overflow group_list[] buffer in Exim main() function to manipulate the heap/stack, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Remediation

Install update from vendor's website.

References