Heap Buffer Overflow Vulnerability in Exim Mail Transfer Agent
(Secunia Advisory SA40019, CVE-2010-4344)
A heap buffer overflow vulnerability has been reported in the Exim Mail Transfer Agent. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.
The Exim email server is a full-featured mail transfer agent (MTA) distributed under the GPL. It is used on Unix-like platforms such as Debian GNU/Linux and has also been ported to other operating systems such as Windows. It can function as an SMTP server for incoming messages, as well as an SMTP or LMTP client for outgoing messages. A large number of Exim installations exist, especially within Internet service providers and universities in the UK.
This issue affects Exim versions 4.69 and earlier.
Check Point recommends that the patch that fixes this issue be applied as soon as is practical. In the meantime, Check Point IPS Software Blade and IPS-1 provide immediate network protection against this vulnerability. For more information, see CPAI-2010-348.
Last Updated: 11-Jan-2011