UBUNTU-CVE-2017-1000369

Source
https://ubuntu.com/security/CVE-2017-1000369
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000369.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-1000369
Published
2017-06-19T15:00:00Z
Modified
2017-06-19T15:00:00Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects Exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known whether a new point release that addresses this issue is available.

Affected packages

Ubuntu:14.04:LTS / exim4

Package

Name
exim4
Purl
pkg:deb/ubuntu/exim4?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.82-3ubuntu2.3

Affected versions

4.*

4.80-7ubuntu3
4.80-7ubuntu4
4.80-9ubuntu1
4.80-9ubuntu2
4.82-3ubuntu1
4.82-3ubuntu2
4.82-3ubuntu2.1
4.82-3ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-base"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-base-dbgsym"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-config"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-heavy"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-heavy-dbg"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-heavy-dbgsym"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-light"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-light-dbg"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-daemon-light-dbgsym"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-dbg"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "exim4-dev"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "eximon4"
        },
        {
            "binary_version": "4.82-3ubuntu2.3",
            "binary_name": "eximon4-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / exim4

Package

Name
exim4
Purl
pkg:deb/ubuntu/exim4?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.86.2-2ubuntu2.2

Affected versions

4.*

4.86-3ubuntu1
4.86-7ubuntu1
4.86-7ubuntu2
4.86-7ubuntu3
4.86.2-2ubuntu1
4.86.2-2ubuntu2
4.86.2-2ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-base"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-base-dbgsym"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-config"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-heavy"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-heavy-dbg"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-heavy-dbgsym"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-light"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-light-dbg"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-daemon-light-dbgsym"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-dbg"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "exim4-dev"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "eximon4"
        },
        {
            "binary_version": "4.86.2-2ubuntu2.2",
            "binary_name": "eximon4-dbgsym"
        }
    ]
}