Bugzilla – Bug 1171490
VUL-0: CVE-2020-12783: exim: out-of-bounds read in the SPA authenticator which could lead to SPA/NTLM authentication bypass
Last modified: 2024-07-15 17:05:12 UTC
CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12783
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12783.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783
https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
https://bugs.exim.org/show_bug.cgi?id=2571

(In reply to Alexandros Toptsoglou from comment #0)
> CVE-2020-12783
>
> Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could
> result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

Thank you. New server:mail package now has the relevant fix(es) from 4.93+fixes.

Fixed in server:mail and Factory as of Tue May 12.
This is an autogenerated message for OBS integration:
This bug (1171490) was mentioned in
https://build.opensuse.org/request/show/891096 15.2 / exim
https://build.opensuse.org/request/show/891098 Backports:SLE-15-SP1 / exim

openSUSE-SU-2021:0677-1: An update that fixes 26 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): exim-4.94.2-lp152.8.3.1

openSUSE-SU-2021:0754-1: An update that fixes 26 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): exim-4.94.2-bp152.6.4.1, libspf2-1.2.10-bp152.5.1

openSUSE-SU-2021:0753-1: An update that fixes 30 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1136587,1142207,1154183,1160726,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-10149,CVE-2019-13917,CVE-2019-15846,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026,CVE-2020-8015
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): exim-4.94.2-bp151.2.4.1, libspf2-1.2.10-bp151.4.1

This is an autogenerated message for OBS integration:
This bug (1171490) was mentioned in
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim