Gentoo Security Advisory GLSA 200501-23 (exim) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-23.

Solution

All Exim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/exim-4.43-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-23 http://bugs.gentoo.org/show_bug.cgi?id=76893 http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html

Insight

Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.

Severity

Classification

CVE CVE-2005-0021, CVE-2005-0022
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200403-13 (mplayer)
Gentoo Security Advisory GLSA 200409-13 (lha)
Gentoo Security Advisory GLSA 200404-02 (kde-base/kde)
Gentoo Security Advisory GLSA 200405-09 (proftpd)
Gentoo Security Advisory GLSA 200406-07 (dev-util/subversion)

Take action and discover your vulnerabilities