Bug 1215784 (CVE-2023-42114) - VUL-0: CVE-2023-42114: exim: NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
Summary: VUL-0: CVE-2023-42114: exim: NTLM Challenge Out-Of-Bounds Read Information Di...
Status: RESOLVED FIXED
Alias: CVE-2023-42114
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.6
Hardware: Other Other
: P3 - Medium : Minor (vote)
Target Milestone: ---
Assignee: Peter Wullinger
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/380213/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-28 06:37 UTC by SMASH SMASH
Modified: 2024-07-15 17:05 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-09-28 06:37:27 UTC 
This vulnerability allows remote attackers to disclose sensitive information on
affected installations of Exim. Authentication is not required to exploit this
vulnerability.

The specific flaw exists within the handling of NTLM challenge requests. The
issue results from the lack of proper validation of user-supplied data, which
can result in a read past the end of an allocated data structure. An attacker
can leverage this vulnerability to disclose information in the context of the
service account.

06/06/22 – ZDI requested a PSIRT contact.

06/14/22 – ZDI reported the vulnerability to the vendor.

04/25/23 – ZDI asked for an update.

04/25/23 – The vendor asked us to re-send the reports.

05/10/23 – ZDI sent the vulnerability to the vendor.

09/25/23 – ZDI asked for an update and informed the vendor that we intend to
publish the case as a zero-day advisory on 09/27/23.

-- Mitigation: Given the nature of the vulnerability, the only salient
mitigation strategy is to restrict interaction with the application.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42114
Comment 1 OBSbugzilla Bot 2023-10-02 14:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1215784) was mentioned in
https://build.opensuse.org/request/show/1114823 Backports:SLE-12-SP4+Backports:SLE-15-SP4+Backports:SLE-15-SP5 / exim
https://build.opensuse.org/request/show/1114826 Factory / exim
Comment 2 Peter Wullinger 2023-10-04 06:35:06 UTC 
fixed in exim 4.96.1, Backports exim 4.94 has a patch.
Comment 3 Marcus Meissner 2023-10-05 13:05:40 UTC 
openSUSE-SU-2023:0293-1: An update that fixes three vulnerabilities is now available.

Category: security (critical)
Bug References: 1215784,1215785,1215786
CVE References: CVE-2023-42114,CVE-2023-42115,CVE-2023-42116
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    exim-4.94.2-bp155.5.3.1
openSUSE Backports SLE-15-SP4 (src):    exim-4.94.2-bp154.2.6.1
Comment 4 OBSbugzilla Bot 2024-07-15 17:05:24 UTC 
This is an autogenerated message for OBS integration:
This bug (1215784) was mentioned in
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim