Linux Today: Linux News On Internet Time.
Progeny Security Advisory: Potential security problem with exim

Jun 26, 2001, 21:14
From: Progeny Security Team <security@progeny.com>
Subject: PROGENY-SA-2001-17: exim
Date: Tue, 26 Jun 2001 15:22:39 -0500 (EST)


 ---------------------------------------------------------------------------
 PROGENY SERVICE NETWORK -- SECURITY ADVISORY             PROGENY-SA-2001-17
 ---------------------------------------------------------------------------

    Synopsis:       Potential security problem with exim

    Software:       exim

    History:
         2001-06-06 Vulnerability announced
         2001-06-25 Update available in Progeny archive
         2001-06-26 Advisory released

    Credits:        Megyer Laszlo <lez@sch.bme.hu>
                    Foldi Tamas <crow@kapu.hu>

    Affects:        Progeny Debian (exim prior to 3.16-4progeny2)
                    Debian GNU/Linux (exim prior to 3.12-10.1)

    Progeny Only:   NO

    Vendor-Status:  New Version Released
                    (exim_3.16-4progeny2)


    $Progeny: security/advisory/PROGENY-SA-2001-17,v 1.2 2001/06/26 20:14:34 jgoerzen Exp $

 ---------------------------------------------------------------------------


SUMMARY

People running Progeny systems may be vulnerable to unauthorized local
access if the following two criteria are met:

 * The server is running exim.

 * The headers_check_syntax option is enabled.

By default, Progeny systems use the Postfix mail server and the
Progeny exim package ships with the headers_check_syntax option
disabled, so customers running a default Progeny installation are not
vulnerable to this issue.


DETAILED DESCRIPTION

The exim mail server contains a printf(3) vulnerability that could
allow unauthorized local access if the headers_check_syntax option is
turned on. 

This is triggered by malformed email headers containing format
strings, and is only a problem when exim is run in batch mode (hence
it can only be triggered by local users).


SOLUTION (See also: UPDATING VIA APT-GET)

Upgrade to a fixed version of exim. exim version 3.16-4progeny2
corrects the problem. For your convenience, you may upgrade to the
exim_3.16-4progeny2 package.


UPDATING VIA APT-GET

 1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
    update repository:

        deb http://archive.progeny.com/progeny updates/newton/

 2. Update your cache of available packages for apt(8).

    Example:

        # apt-get update

 3. Using apt(8), install the new package. apt(8) will download the
    update, verify its integrity with md5, and then install the
    package on your system with dpkg(8).

    Example:

        # apt-get install exim


UPDATING VIA DPKG

 1. Use your preferred FTP/HTTP client to retrieve the following 
    updated files from Progeny's update archive at:

    http://archive.progeny.com/progeny/updates/newton/

    MD5 Checksum                     Filename                             
    -------------------------------- ------------------------------------- 
    d94b0457e884c6e22a6f5c1a6f46f1e2 exim_3.16-4progeny2_i386.deb

    Example:

        $ wget \
        http://archive.progeny.com/progeny/updates/newton/exim_3.16-4progeny2_i386.deb

 2. Use the md5sum(1) command on the retrieved files to verify that
    they match the MD5 checksum provided in this advisory:

    Example:

        $ md5sum exim_3.16-4progeny2_i386.deb

 3. Then install the replacement package(s) using dpkg(8).

    Example:

        # dpkg --install exim_3.16-4progeny2_i386.deb


WORKAROUND

As an alternative to the above solution, you may disable the
headers_check_syntax option or switch to different mail server
software.
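
The two conditions this advisory names (an exim older than the fixed version, and headers_check_syntax enabled) can be checked with the shell functions below. This is an added example, not part of the Progeny advisory: the function names, the /etc/exim.conf path in the usage comment and the sample configuration are assumptions, and the parser assumes the main options precede the first bare "end" line.

```shell
#!/bin/sh
# Added example: exposure check for the exim issue in PROGENY-SA-2001-17.
# Assumptions: caller supplies the config path and the applicable fixed version.

# headers_check_enabled CONFIG
# Exit 0 if headers_check_syntax is switched on in the main section, else 1.
# Accepts "opt", "opt = true|yes", "no_opt", "not_opt", "opt = false|no";
# if the option appears twice the last line decides (example simplification).
headers_check_enabled() {
    awk '
        /^[ \t]*end[ \t]*$/ { exit }      # end of main section
        /^[ \t]*#/          { next }      # comment line
        {
            line = $0
            gsub(/[ \t]/, "", line)
            if (line ~ /^headers_check_syntax(=(true|yes))?$/) on = 1
            else if (line ~ /^no(t)?_headers_check_syntax$/ ||
                     line ~ /^headers_check_syntax=(false|no)$/) on = 0
        }
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# version_is_fixed INSTALLED FIXED
# Exit 0 if INSTALLED >= FIXED in Debian version ordering (needs dpkg).
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$2"
}

# exim_exposure CONFIG INSTALLED FIXED
# e.g. exim_exposure /etc/exim.conf "$(dpkg-query -W -f='${Version}' exim)" 3.16-4progeny2
exim_exposure() {
    if version_is_fixed "$2" "$3"; then
        echo patched
    elif headers_check_enabled "$1"; then
        echo exposed
    else
        echo unpatched-option-off
    fi
}

# Constructed sample configuration (not taken from any real system).
sample=$(mktemp)
printf 'qualify_domain = example.org\nheaders_check_syntax\nend\n' > "$sample"
if headers_check_enabled "$sample"; then echo "option on"; else echo "option off"; fi
rm -f "$sample"
```

On Debian GNU/Linux, pass 3.12-10.1 as the fixed version instead of 3.16-4progeny2.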

MORE INFORMATION

http://www.securityfocus.com/bid/2828/
http://www.securityfocus.com/archive/1/189026

Progeny advisories can be found at http://www.progeny.com/security/.