Name | exim_heap_overflow |
CVE | CVE-2018-6789 |
Exploit Pack | CANVAS |
Description | exim_heap_overflow |
Notes | CVE Name: CVE-2018-6789 VENDOR: Exim NOTES: There is a buffer overflow in the b64decode function, this bug exists since the first commit of exim, hence ALL versions are affected. This exploit uses the SMTP method AUTH PLAIN in order to create a one-byte-overflow in the heap. This exploit has been tested on Ubuntu Server 16.04.5 LTS and Exim 4.86.2 with AUTH PLAIN enabled (without STARTTLS). VersionsAffected: All Exim versions below 4.90.1 Repeatability: Infinite References: https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789 Date public: 10/02/2018 CVSS: N/A |
Learn more about the CANVAS Exploit Pack here: CANVAS |