CVE-2018-6789

Published: 7 February 2018

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
exim4 Launchpad, Ubuntu, Debian	artful	Released (4.89-5ubuntu1.3)
	trusty	Released (4.82-3ubuntu2.4)
	upstream	Released (4.90.1)
	xenial	Released (4.86.2-2ubuntu2.3)

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

http://www.openwall.com/lists/oss-security/2018/02/07/2
https://exim.org/static/doc/security/CVE-2018-6789.txt
https://ubuntu.com/security/notices/USN-3565-1
https://www.cve.org/CVERecord?id=CVE-2018-6789
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›