[VIM] Exim - 2003, possible dupes?

Steven M. Christey coley at linus.mitre.org
Sat May 28 15:14:08 EDT 2005

On Thu, 26 May 2005, security curmudgeon wrote:

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0698
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0743
> 1. dates are very close
> 2. SMTP
> 3. HELO/EHLO commands
> 4. "large number of spaces followed by a NULL char and a newline"
> Based on those four points, this seems like a possible duplicate issue.
> Thoughts?

Yes, they're dupes.  The conclusive kicker for me is the announcement:

  20030814 [Exim] Minor security bug

which credits Nick Cleaton, whose post to Bugtraq appears soon afterward
and has all the details you mentioned.

I'm not sure why this duplicate occurred, as it should have been caught.
It looks like there were two separate candidate reservations.

Since CAN-2003-0743 appears to be in more widespread use, that will eb
preserved, and CAN-2003-0698 will be rejected.  See below.

- Steve

Candidate: CAN-2003-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0698

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2003-0743.  Reason:
This candidate is a duplicate of CAN-2003-0743.  Notes: All CVE users
should reference CAN-2003-0743 instead of this candidate.  All
references and descriptions in this candidate have been removed to
prevent accidental usage.

Candidate: CAN-2003-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0743
Reference: BUGTRAQ:20030901 exim remote heap overflow, probably not exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106252015820395&w=2
Reference: VULN-DEV:20030903 Re: exim remote heap overflow, probably not exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=106264740820334&w=2
Reference: MLIST:[Exim] 20030814 Minor security bug
Reference: URL:http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html
Reference: MLIST:[Exim] 20030815 Minor security bug
Reference: URL:http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html
Reference: CONFIRM:http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
Reference: CONFIRM:http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
Reference: CONFIRM:http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
Reference: DEBIAN:DSA-376
Reference: URL:http://www.debian.org/security/2003/dsa-376
Reference: CONECTIVA:CLA-2003:735
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36
and Exim 4 (exim4) before 4.21 may allow remote attackers to execute
arbitrary code via an invalid (1) HELO or (2) EHLO argument with a
large number of spaces followed by a NULL character and a newline,
which is not properly trimmed before the "(no argument given)" string
is appended to the buffer.

More information about the VIM mailing list