[Exim4U] Exim Remote Memory Corruption Vulnerability
Gordon Dickens
2010-12-11 01:05:01 UTC
A memory corruption vulnerability exists in Exim versions 4.69 and
older. This vulnerability may lead to arbitrary code execution with the
privileges of the user executing the Exim daemon. The vulnerability
relies upon "rejected_header" being enabled (default setting) in the
log_selector configuration.

To resolve this issue on Linux systems, users are urged to upgrade to a
version of exim that is 4.70 or higher. FreeBSD systems should be
running Exim 4.72 by default, which is not affected by this issue.

Additional information regarding this vulnerability is discussed on the
exim mailing list. The following post includes the Exim development
team's response:

http://www.exim.org/lurker/message/20101210.164935.385e04d0.en.html

Given that the remote flaw was fixed over a year ago and does not affect
current releases of Exim, and given the existence of the
ALT_CONFIG_ROOT_ONLY option to avoid the local privilege escalation, the
Exim team has decided that there is no immediate need to rush a new
release of Exim out the door.
We plan to remove the ALT_CONFIG_ROOT_ONLY option (making the code
always behave as it currently does if that option is set), and then take
steps to restore the esoteric functionality that is lost by doing so,
and release a new version of Exim in good time.

FYI,

Gordon
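As an added check, not part of Gordon's post or of Exim itself: a small shell script that applies the two conditions named in the advisory (a version below 4.70 with rejected_header still selected in log_selector) to constructed sample input. The "Exim version 4.xx #N built ..." line of `exim -bV` output and the use of `exim -bP log_selector` to read the effective value on a live host are assumptions.

```shell
# Added example (not from the thread): exposure check for the rejected_header
# memory-corruption issue. Assumes `exim -bV` prints a line of the form
# "Exim version 4.69 #1 built ..." and that the log_selector value is passed
# in as written in the configuration. All sample strings are constructed.

# version_from_bv TEXT -> prints the version number found in `exim -bV` output
version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_lt_470 VERSION -> true (exit 0) when VERSION is older than 4.70
version_lt_470() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # "69" from "69", "72" from "72.1"
    [ "${major:-0}" -lt 4 ] && return 0
    [ "${major:-0}" -eq 4 ] && [ "${minor:-0}" -lt 70 ] && return 0
    return 1
}

# rejected_header_enabled SELECTOR -> true when rejected_header logging is on.
# Exim enables it by default; items apply left to right, so only an explicit
# "-rejected_header" (or "-all" without a later "+rejected_header") turns it off.
rejected_header_enabled() {
    state=1
    for item in $1; do
        case $item in
            +rejected_header|+all) state=1 ;;
            -rejected_header|-all) state=0 ;;
        esac
    done
    [ "$state" -eq 1 ]
}

# exim_exposed BV_OUTPUT SELECTOR -> true when both advisory conditions hold:
# a version below 4.70 and rejected_header still logged.
exim_exposed() {
    v=$(version_from_bv "$1")
    [ -n "$v" ] && version_lt_470 "$v" && rejected_header_enabled "$2"
}

# Constructed sample inputs; on a live host use "$(exim -bV)" and the
# log_selector value from `exim -bP log_selector`.
SAMPLE_OLD_BV='Exim version 4.69 #1 built 01-Jan-2009 00:00:00
Copyright (c) University of Cambridge, 1995 - 2007'
SAMPLE_NEW_BV='Exim version 4.72 #1 built 01-Jan-2010 00:00:00'

if exim_exposed "$SAMPLE_OLD_BV" "+subject"; then
    echo "4.69 with rejected_header logged: upgrade to 4.70 or later"
fi
```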
Rimas Kudelis
2010-12-11 09:33:31 UTC
Post by Gordon Dickens
A memory corruption vulnerability exists in Exim versions 4.69 and
older. This vulnerability may lead to arbitrary code execution with
the privileges of the user executing the Exim daemon. The
vulnerability relies upon "rejected_header" being enabled (default
setting) in the log_selector configuration.
To resolve this issue on Linux systems, users are urged to upgrade to
a version of exim that is 4.70 or higher. FreeBSD systems should be
running Exim 4.72 by default, which is not affected by this issue.
Thanks for the info! I've just updated my server.

Rimas
