Bug 223870 - mail/exim: remote code execution (CVE-2017-16943)
Summary: mail/exim: remote code execution (CVE-2017-16943)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Vsevolod Stakhov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-25 18:51 UTC by Gary
Modified: 2018-02-07 12:28 UTC (History)
2 users (show)

See Also:
pi: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer 2017-11-27 07:56:15 UTC
A commit references this bug:

Author: vsevolod
Date: Mon Nov 27 07:55:18 UTC 2017
New revision: 454936
URL: https://svnweb.freebsd.org/changeset/ports/454936

Log:
  - Fix RCE vulnerability:

  The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89
  allows remote attackers to execute arbitrary code or cause a denial of service
  (use-after-free) via vectors involving BDAT commands.

  PR:		223870
  Submitted by:	Gary
  MFH:		2017Q4
  Security:	CVE-2017-16943

Changes:
  head/mail/exim/Makefile
  head/mail/exim/files/patch-CVE-2017-16943
Comment 2 commit-hook freebsd_committer 2017-11-28 08:54:17 UTC
A commit references this bug:

Author: vsevolod
Date: Tue Nov 28 08:54:00 UTC 2017
New revision: 455024
URL: https://svnweb.freebsd.org/changeset/ports/455024

Log:
  MFH: r454936

  - Fix RCE vulnerability:

  The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89
  allows remote attackers to execute arbitrary code or cause a denial of service
  (use-after-free) via vectors involving BDAT commands.

  PR:		223870
  Submitted by:	Gary
  Security:	68b29058-d348-11e7-b9fe-c13eb7bcbf4f

  Approved by:	ports-secteam (swills)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/mail/exim/Makefile
  branches/2017Q4/mail/exim/files/patch-CVE-2017-16943