Russian Vulnerability Scanner Database

Back to List

BDU:2021-02766

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость компонента tls-openssl.c агента пересылки сообщений Exim, связанная с использованием памяти после ее освобождения, позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код путем отправки специально сформированного запроса

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2020-28018

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28018
https://redos.red-soft.ru/updatesec/
https://www.cybersecurity-help.cz/vdb/SB2021050419
https://www.opennet.ru/opennews/art.shtml?num=55079
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt
https://security-tracker.debian.org/tracker/CVE-2020-28018
https://ubuntu.com/security/CVE-2020-28018
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/

Recommendations

Source: bdu

Использование рекомендаций:
Для Exim:
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt

Для РЕД ОС:
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/

Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-28018

Для Ubuntu:
https://ubuntu.com/security/CVE-2020-28018

Для Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47

Для ОСОН Основа:
Обновление программного обеспечения exim4 до версии 4.92-8+deb10u6

Для ОС Astra Linux Special Edition 1.7:
обновить пакет exim4 до 4.92-8+deb10u6.astra.se19 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17

URL: https://bdu.fstec.ru/vul/2021-02766

Vulnerable Software (10)

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: astra 4.7

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: ubuntu 18.04 LTS

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: debian gnu/linux 10

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: ubuntu 20.10

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: осон основа оnyx *

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: debian gnu/linux 9

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: redos 7.2

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: ubuntu 20.04 LTS

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: ubuntu 21.04

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu

Type: Configuration

Vendor: gnu general public license

Product: exim

Operating System: astra 1.7

Trait: 
{  "version_end_excluding": "4.94.1",  "version_start_including": "4.0"}

Source: bdu