exim -- two buffer overflow vulnerabilities

Description:

1. The function host_aton() can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components.

2. The second report described a buffer overflow in the function spa_base64_to_bits(), which is part of the code for SPA authentication.

References:

List post: <http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html>(search)
List post: <http://marc.theaimsgroup.com/?l=bugtraq&m=110573573800377>(search)
CVE name CVE-2005-0021
CVE name CVE-2005-0022
BugTraq ID 12185
BugTraq ID 12188
BugTraq ID 12268

Affects:

exim <4.43+28_1
exim-ldap <4.43+28_1
exim-ldap2 <4.43+28_1
exim-mysql <4.43+28_1
exim-postgresql <4.43+28_1
exim-sa-exim <4.43+28_1

portaudit: exim -- two buffer overflow vulnerabilities

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>