Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#12585 closed enhancement (fixed)

exim-4.92.3

Reported by: Bruce Dubbs
Owned by: Tim Tassonis
Priority: high
Milestone: 9.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by ken@…, 5 years ago

Posted on oss-security as well as to exim lists, by Heiko Schlitterman

Exim 4.92.3 released (security release)

CVE ID: CVE-2019-16928
Date: 2019-09-27 (CVE assigned)
Version(s): from 4.92 up to and including 4.92.2
Reporter: QAX-A-TEAM <areuu@…>
Reference: https://bugs.exim.org/show_bug.cgi?id=2449
Issue: Heap-based buffer overflow in string_vformat, remote code execution seems to be possible

Conditions to be vulnerable
===========================

All versions from (and including) 4.92 up to (and including) 4.92.2 are vulnerable.

Details
=======

There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While in this mode of operation Exim has already dropped its privileges, other paths to reach the vulnerable code may exist.

Mitigation
==========

There is - besides updating the server - no known mitigation.

Fix
===

Download and build the fixed version 4.92.3

Tarballs: https://ftp.exim.org/pub/exim/exim4/
Git: https://github.com/Exim/exim.git (mirror)
     git://git.exim.org/exim.git

  • tag exim-4.92.3
  • branch exim-4.92.3+fixes

The tagged commit is the officially released version. The +fixes branch isn't officially maintained, but contains the security fix *and* useful fixes.

The tarballs, the Git tag, and the Git commits are signed with my GPG key (same as I used to sign this mail). If you can't install the above versions, ask your package maintainer for a version containing the backported fix. On request and depending on our resources we will support you in backporting the fix. (Please note, the Exim project officially doesn't support versions prior to the current stable version.)

Timeline
========

  • 2019-09-27 Report as Bug 2499
  • 2019-09-28 Announcement to exim-maintainers, oss-security
  • 2019-09-28 Release 4.92.3, Release-Announcements to exim-{announce,users,maintainers}, oss-security
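An added check, not part of the advisory or of the Exim project: it applies the affected range stated above (4.92 up to and including 4.92.2) to a version string, and flags EHLO/HELO command lines in an SMTP session transcript that exceed the 512-octet command-line limit of RFC 5321. The session transcript, the use of that limit as a detection threshold, and all function names are assumptions.

```python
"""Exposure and log checks for the Exim 4.92.x string_vformat advisory (constructed example)."""
import re

# Affected range from the advisory: 4.92 up to and including 4.92.2; fixed in 4.92.3.
VULN_LOW, VULN_HIGH = (4, 92, 0), (4, 92, 2)

# RFC 5321 section 4.5.3.1.4: an SMTP command line including CRLF is at most 512 octets.
# Used here as a detection threshold (assumption: the advisory gives no exact length).
MAX_CMD_LINE = 512


def parse_version(s: str) -> tuple:
    """Parse 'MAJOR.MINOR[.PATCH]' from strings such as '4.92', '4.92.3' or '4.92.3+fixes'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised Exim version: {s!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version: str) -> bool:
    """True if the version falls inside the advisory's affected range."""
    return VULN_LOW <= parse_version(version) <= VULN_HIGH


def oversized_ehlo(session: str, limit: int = MAX_CMD_LINE) -> list:
    """Return (line_no, octets) for EHLO/HELO command lines longer than `limit`."""
    hits = []
    for n, raw in enumerate(session.split("\n"), 1):
        line = raw.rstrip("\r")
        if line[:4].upper() not in ("EHLO", "HELO"):
            continue
        octets = len(line.encode()) + 2  # count the CRLF terminator as RFC 5321 does
        if octets > limit:
            hits.append((n, octets))
    return hits


# Constructed client-side SMTP session: one normal EHLO, one far over the RFC limit.
SAMPLE_SESSION = "\r\n".join([
    "EHLO mail.example.com",
    "MAIL FROM:<a@example.com>",
    "QUIT",
    "EHLO " + "x" * 600,  # constructed oversize line for the detector, not a payload
    "QUIT",
])

if __name__ == "__main__":
    for v in ("4.91", "4.92", "4.92.2", "4.92.3"):
        print(v, "in affected range" if is_vulnerable(v) else "not in affected range")
    print("oversized EHLO lines:", oversized_ehlo(SAMPLE_SESSION))
```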

comment:2 by Tim Tassonis, 5 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: new → assigned

comment:3 by Tim Tassonis, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed in revision 22211.

comment:4 by Douglas R. Reno, 5 years ago

Priority: normal → high

Retroactively promote to high for CVE-2019-16928.
