GNU Glibc Remote Heap Buffer Overflow Vulnerability (Exim) Network Vulnerability

Summary

The remote exim is using a version of glibc which is prone to a heap-based buffer-overflow vulnerability.

Impact

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users.

Solution

Update you glibc and reboot.

Detection

Send a special crafted HELO request and check the response

References

http://www.gnu.org/software/libc/
http://www.securityfocus.com/bid/72325

Updated on 2015-03-25

Severity

Classification

CVE CVE-2015-0235

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

IceWarp Merak Mail Server 'Base64FileEncode()' Stack-Based Buffer Overflow Vulnerability
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
SMTP too long line
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Sendmail long debug local overflow

GNU glibc Remote Heap Buffer Overflow Vulnerability (Exim)

Take action and discover your vulnerabilities