Bug 1836362 (CVE-2020-12783)
Summary: | CVE-2020-12783 exim: out-of-bounds read in the SPA authenticator can lead to SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | bennie.joubert, dwmw2, jskarvad, mbenatto, tremble |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | exim 4.94 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in exim in versions through 4.93. An out-of-bounds memory read in the SPA authenticator was found that could result in a SPA/NTLM authentication bypass. The highest threat from this vulnerability is to data confidentiality. | ||
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-20 21:19:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1836363, 1836364 | ||
Bug Blocks: | 1836365 |
Description
Guilherme de Almeida Suckevicz
2020-05-15 17:22:03 UTC
Created exim tracking bugs for this issue:

Affects: epel-all [bug 1836364]
Affects: fedora-all [bug 1836363]

Statement:

This flaw does not affect Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, or Red Hat Enterprise Linux 8.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12783