Bug 1069857 (CVE-2017-16943) - VUL-0: CVE-2017-16943: exim: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89allows remote attackers to execute arbitrary code or cause a denial of service(use-after-free) via vectors involving BDAT commands.
Summary: VUL-0: CVE-2017-16943: exim: The receive_msg function in receive.c in the SMT...
Status: RESOLVED FIXED
Alias: CVE-2017-16943
Product: openSUSE Distribution
Classification: openSUSE
Component: Other (show other bugs)
Version: Leap 42.3
Hardware: Other Other
: P3 - Medium : Critical (vote)
Target Milestone: ---
Assignee: Forgotten User 4yKfwBnymp
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/195652/
Whiteboard: CVSSv3:RedHat:CVE-2017-16943:9.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-27 06:27 UTC by Marcus Meissner
Modified: 2024-07-15 17:05 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
exim-CVE-2017-16943.patch (1.44 KB, patch)
2017-11-27 06:43 UTC, Marcus Meissner 		Details | Diff
exim-CVE-2017-16943.patch updated for exim 4.86 (1.02 KB, patch)
2017-11-27 07:51 UTC, Peter Wullinger 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-11-27 06:27:08 UTC 
CVE-2017-16943

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89
allows remote attackers to execute arbitrary code or cause a denial of service
(use-after-free) via vectors involving BDAT commands.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16943
http://seclists.org/oss-sec/2017/q4/326
http://www.cvedetails.com/cve/CVE-2017-16943/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943
https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
https://bugs.exim.org/show_bug.cgi?id=2199
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
Comment 1 Marcus Meissner 2017-11-27 06:43:41 UTC 
Created attachment 750123 [details]
exim-CVE-2017-16943.patch

exim-CVE-2017-16943.patch
Comment 2 Peter Wullinger 2017-11-27 07:51:19 UTC 
Created attachment 750134 [details]
exim-CVE-2017-16943.patch updated for exim 4.86

exim-CVE-2017-16943.patch updated for exim 4.86
Comment 3 Peter Wullinger 2017-11-27 07:57:36 UTC 
AFAIR exim 4.86 does not support BDAT, but that does not mean that there are not other possibilities to trigger the problematic code path, which does exist in 4.86.
Comment 4 Bernhard Wiedemann 2017-11-27 10:40:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1069857) was mentioned in
https://build.opensuse.org/request/show/545914 Factory / exim
Comment 5 Bernhard Wiedemann 2017-11-27 11:20:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1069857) was mentioned in
https://build.opensuse.org/request/show/545933 Factory / exim
Comment 6 Marcus Meissner 2017-11-29 08:09:33 UTC 
    CVE-2017-16943  (RCE)       Exim Bug 2199
        master:             4e6ae6235c68de243b1c2419027472d7659aa2b4
        exim-4_89+fixes:    4090d62a4b25782129cc1643596dc2f6e8f63bde
    Fix done by Jeremy Harrys
Comment 7 Andreas Stieger 2017-12-05 20:57:06 UTC 
releasing for Leap. done
Comment 8 Swamp Workflow Management 2017-12-06 02:09:03 UTC 
openSUSE-SU-2017:3220-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1069857
CVE References: CVE-2017-16943
Sources used:
openSUSE Leap 42.3 (src):    exim-4.86.2-17.1
openSUSE Leap 42.2 (src):    exim-4.86.2-10.9.1
Comment 9 OBSbugzilla Bot 2024-07-15 17:05:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1069857) was mentioned in
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim