CVE-2018-6789

Impact: Critical
Public Date: 2018-02-07
Bugzilla: 1543268: CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution

The MITRE CVE dictionary describes this issue as:

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

Find out more about CVE-2018-6789 from the MITRE CVE dictionary and NIST NVD.
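The root cause, as an added illustration that is not Exim's code and not part of the original advisory: before 4.90.1, Exim's b64decode() allocated its output buffer as 3*(len/4)+1 bytes, and because the decoder accepts unpadded input, an input whose length is 4n+3 decodes to 3n+2 bytes and writes one byte past that allocation. The decoder below is a simplified, bounds-checked reimplementation written for this page (the function names exim_old_alloc, safe_alloc and b64_decode are ours, and the input strings are constructed), so the reader can see the undersized allocation fail and the corrected bound hold.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allocation size used by Exim's b64decode() before 4.90.1 (hypothetical name). */
size_t exim_old_alloc(size_t len)
{
    return 3 * (len / 4) + 1;
}

/* Safe upper bound: round the input length up to a whole quantum first,
   then add one byte for a terminating NUL (hypothetical name). */
size_t safe_alloc(size_t len)
{
    return 3 * ((len + 3) / 4) + 1;
}

static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Bounds-checked base64 decoder that, like MIME decoders, accepts unpadded
   input of length 4n+2 or 4n+3. Returns the decoded byte count, -1 on an
   invalid character, or -2 if writing would exceed `cap` bytes. */
long b64_decode(const char *in, unsigned char *out, size_t cap)
{
    size_t n = 0;
    unsigned acc = 0;
    int bits = 0;

    for (const char *p = in; *p; p++) {
        if (*p == '=') break;          /* padding: stop decoding */
        int v = b64val((unsigned char)*p);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -2;   /* this is the check Exim lacked */
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)n;
}

/* Returns 1 if decoding `in` into a buffer sized by the old formula would
   overflow it, 0 otherwise. */
int overflows_old_alloc(const char *in)
{
    unsigned char buf[64];
    size_t cap = exim_old_alloc(strlen(in));
    if (cap > sizeof buf) return -1;
    return b64_decode(in, buf, cap) == -2;
}

int main(void)
{
    /* Constructed input: "ABCDEFGH" without the trailing "=", length 11 = 4*2+3. */
    const char *in = "QUJDREVGR0g";
    printf("len=%zu old_alloc=%zu safe_alloc=%zu overflow=%d\n",
           strlen(in), exim_old_alloc(strlen(in)), safe_alloc(strlen(in)),
           overflows_old_alloc(in));
    return 0;
}
```

An input of length 4n+2 (for example the same string cut to "QUJDREVGRw") decodes to exactly 3n+1 bytes and fits the old allocation, which is why only the 4n+3 case triggers the overflow; the corrected bound covers both.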

Statement

This issue affects the versions of Exim shipped in Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is already in the Extended Life Phase of its life cycle, and Exim is not on the list of components supported via the Red Hat Enterprise Linux 5 Extended Life-cycle Support (ELS) add-on; therefore there is currently no plan to address this issue in Red Hat Enterprise Linux 5. For more information about the Red Hat Enterprise Linux 5 life cycle and the ELS add-on scope of support, see:

https://access.redhat.com/support/policy/updates/errata/#Extended_Life_Cycle_Phase
https://access.redhat.com/articles/2901071

The Exim mail server is not shipped in Red Hat Enterprise Linux 6 and 7.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 8.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 exim Will not fix

CVE description copyright © 2017, The MITRE Corporation
