Exim Remote Memory Corruption Vulnerability

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Exim Remote Memory Corruption Vulnerability

Gordon Dickens
A memory corruption vulnerability exists in Exim versions 4.69 and older. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. The vulnerability relies upon "rejected_header" being enabled (default setting) in the log_selector configuration.

To resolve this issue on Linux systems, users are urged to upgrade to a version of exim that is 4.70 or higher. FreeBSD systems should be running Exim 4.72 by default, which is not affected by this issue.

Additional information regarding this vulnerability is discussed on the exim mailing list.  The following post includes the Exim development team's response:

http://www.exim.org/lurker/message/20101210.164935.385e04d0.en.html

In summary, the exim team responded in the aformentioned post as follows:

> Given that the remote flaw was fixed over a year ago and does not affect
> current releases of Exim, and given the existence of the
> ALT_CONFIG_ROOT_ONLY option to avoid the local privilege escalation, the
> Exim team has decided that there is no immediate need to rush a new
> release of Exim out the door.
>
> We plan to remove the ALT_CONFIG_ROOT_ONLY option (making the code
> always behave as it currently does if that option is set), and then take
> steps to restore the esoteric functionality that is lost by doing so,
> and release a new version of Exim in good time.

FYI,

Gordon


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users