Bug 1836362 (CVE-2020-12783) - CVE-2020-12783 exim: out-of-bounds read in the SPA authenticator can lead to SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c
Summary: CVE-2020-12783 exim: out-of-bounds read in the SPA authenticator can lead to ...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-12783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1836363 1836364
Blocks: 1836365
TreeView+ depends on / blocked
 
Reported: 2020-05-15 17:22 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-07-08 19:06 UTC (History)
5 users (show)

Fixed In Version: exim 4.94
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in exim in versions through 4.93. An out-of-bounds memory read in the SPA authenticator was found that could result in a SPA/NTLM authentication bypass. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed: 2020-05-20 21:19:23 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-05-15 17:22:03 UTC
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

Reference:
https://bugs.exim.org/show_bug.cgi?id=2571

Upstream commits:
https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0

Comment 1 Guilherme de Almeida Suckevicz 2020-05-15 17:22:22 UTC
Created exim tracking bugs for this issue:

Affects: epel-all [bug 1836364]
Affects: fedora-all [bug 1836363]

Comment 6 Todd Cullum 2020-05-20 20:03:00 UTC
Statement:

This flaw does not affect Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, or Red Hat Enterprise Linux 8.

Comment 7 Product Security DevOps Team 2020-05-20 21:19:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12783


Note You need to log in before you can comment on or make changes to this bug.