Allele Security Alert
ASA-2019-00549
Identifier(s)
ASA-2019-00549, CVE-2019-16928
Title
Heap-based buffer overflow in string_vformat
Vendor(s)
The Exim Project
Product(s)
Exim
Affected version(s)
Exim versions from (and including) 4.92 up to (and including) 4.92.2
Fixed version(s)
Exim version 4.92.3
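A version check for the range stated above, for use on hosts you operate. This is an added example, not part of the advisory or of Exim. It assumes the default `Exim version X.Y.Z` first line of `exim -bV` output or Exim's default SMTP greeting; the function names, host names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory or the Exim project.
# Range per this advisory: affected 4.92 through 4.92.2, fixed in 4.92.3.

# Pull "MAJOR.MINOR[.PATCH]" out of `exim -bV` output or an SMTP greeting.
exim_version_from_text() {
    printf '%s\n' "$1" |
        sed -n 's/.*Exim \(version \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\2/p' |
        head -n 1
}

# Print below-range, affected, fixed-or-later or unknown for a dotted version.
cve_2019_16928_status() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    # Fold the version into one integer so 4.92 and 4.92.0 compare equal.
    _n=$(printf '%s\n' "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }')
    if [ "$_n" -lt 4092000 ]; then echo below-range
    elif [ "$_n" -le 4092002 ]; then echo affected
    else echo fixed-or-later
    fi
}

# Classify one line of version output or one greeting; non-Exim text is unknown.
classify_banner() {
    _v=$(exim_version_from_text "$1")
    if [ -z "$_v" ]; then echo unknown; else cve_2019_16928_status "$_v"; fi
}

# Constructed inventory (hypothetical hosts): name|text collected from the host.
SAMPLE_INVENTORY='mx1.example.test|Exim version 4.92.2 #3 built 12-Sep-2019 10:00:00
mx2.example.test|220 mx2.example.test ESMTP Exim 4.92.3 Mon, 30 Sep 2019 09:00:00 +0000
mx3.example.test|220 mx3.example.test ESMTP Exim 4.91 Mon, 30 Sep 2019 09:00:00 +0000
mx4.example.test|220 mx4.example.test ESMTP Postfix
mx5.example.test|Exim version 4.92 #2 built 01-Mar-2019 08:00:00'

# Emit "host<TAB>status" for every inventory line.
report() {
    printf '%s\n' "$1" | while IFS='|' read -r host text; do
        printf '%s\t%s\n' "$host" "$(classify_banner "$text")"
    done
}

report "$SAMPLE_INVENTORY"
```

Distribution packages may carry a backported fix under an unchanged upstream version number, so treat an `affected` result as a prompt to check the package changelog rather than as proof.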
Proof of concept
Yes
Description
There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. Although Exim has already dropped its privileges in this mode of operation, other paths to reach the vulnerable code may exist.
Technical details
Unknown
Credits
QAX-A-TEAM
Reference(s)
Exim CVE-2019-16928 RCE using a heap-based buffer overflow
https://seclists.org/oss-sec/2019/q3/253
[PATCH] Fix buffer overflow in string_vformat. Bug 2449
https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f
Bug 2449 – Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449
[exim-dev] [Bug 2449] New: Heap Overflow
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
Exim — heap-based buffer overflow in string_vformat leading to RCE
https://www.vuxml.org/freebsd/e917caba-e291-11e9-89f1-152fed202bb7.html
CVE-2019-16928
https://security-tracker.debian.org/tracker/CVE-2019-16928
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16928.html
CVE-2019-16928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928
CVE-2019-16928
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
Last modified: September 29, 2019