From cve-request@mitre.org Mon Sep 2 18:12:21 2019
Return-Path:
Authentication-Results: mx.net.schlittermann.de;
    iprev=pass (smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234;
    spf=pass smtp.mailfrom=mitre.org;
    dkim=pass header.d=mitre.org header.s=selector1 header.a=rsa-sha256;
    dmarc=pass header.from=mitre.org
From: cve-request@mitre.org
To: hs@schlittermann.de
Cc: cve-request@mitre.org
Subject: Re: [scr749683] one CVE
Date: Mon, 2 Sep 2019 12:12:12 -0400 (EDT)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO

> [Suggested description]
> The SMTP Delivery process in Exim 4.92.1 has a Buffer Overflow.
> In the default runtime configuration, this is exploitable with crafted
> Server Name Indication (SNI) data during a TLS negotiation. In other
> configurations, it is exploitable with a crafted client TLS certificate.
>
> ------------------------------------------
>
> [Additional Information]
> It's the first CVE I request, so if there is anything missing, please tell me
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Exim Development Team
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Exim - 4.92.1
>
> ------------------------------------------
>
> [Affected Component]
> SMTP Delivery process
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability the attacker needs a crafted client TLS
> certificate or a crafted SNI. While the first attack vector needs a
> non-default runtime configuration, the latter one should work with the
> default runtime config.
>
> ------------------------------------------
>
> [Discoverer]
> zerons zerons
>
> ------------------------------------------
>
> [Reference]
> http://exim.org/static/doc/security/CVE-2019-15846.txt

Use CVE-2019-15846.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]