[VIM] Exim - 2003, possible dupes?
security curmudgeon
jericho at attrition.org
Thu May 26 20:55:01 EDT 2005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0698

Buffer overflow in Exim before 4.21 allows remote attackers to cause a
denial of service via an SMTP EHLO/HELO command with a large number of
spaces followed by a NULL character and CRLF, which is not properly
trimmed before the "(no argument given)" string is appended to the buffer.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0743

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and
Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary
code via an invalid (1) HELO or (2) EHLO argument with a large number of
spaces followed by a NULL character and a newline.

1. dates are very close
2. SMTP
3. HELO/EHLO commands
4. "large number of spaces followed by a NULL char and a newline"

Based on those four points, this seems like a possible duplicate issue.
Thoughts?