CVE-2005-0021

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
exim	7.04 feisty	Fixed 3.36-18ubuntu1
	6.10 edgy	Fixed 3.36-18ubuntu1
	6.06 LTS dapper	Fixed 3.36-18ubuntu1
exim4	7.04 feisty	Fixed 4.62-2
	6.10 edgy	Fixed 4.62-2
	6.06 LTS dapper	Fixed 4.60-3ubuntu3.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-56-1
exim4 vulnerabilities
7 January 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0021