[exim-dev] [Bug 3001] infoleak in SPA authenticator, client

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Exim Bugzilla at ->
Delete this message
Reply to this message
Author: Exim Bugzilla
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 3001] New: (placeholder)
Subject: [exim-dev] [Bug 3001] infoleak in SPA authenticator, client
https://bugs.exim.org/show_bug.cgi?id=3001

Jeremy Harris <jgh146exb@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|medium                      |high
           Assignee|unallocated@???        |jgh146exb@???
                 CC|                            |exim-dev@???
          Component|Unfiled                     |SMTP Authentication
            Summary|(placeholder)               |infoleak in SPA
                   |                            |authenticator, client


--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
ZDI-CAN-17433 (Trend Micro)

A crafted SPA challenge from the server can cause the client authenticator
to read OOB; the data is then returned to the server.

Fix: validate the offset contained in the challenge, to avoid reading
past the end of the challenge data structure.

Vulnerable since at least 4.50, probably longer.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 3001] (placeholder)[exim-dev] [Bug 3001] infoleak in SPA authenticator, client->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)