From: Progeny Security Team <security@progeny.com>
Subject: PROGENY-SA-2001-17: exim
Date: Tue, 26 Jun 2001 15:22:39 -0500 (EST)
---------------------------------------------------------------------------
PROGENY SERVICE NETWORK -- SECURITY ADVISORY PROGENY-SA-2001-17
---------------------------------------------------------------------------
Synopsis: Potential security problem with exim
Software: exim
History:
2001-06-06 Vulnerability announced
2001-06-25 Update available in Progeny archive
2001-06-26 Advisory released
Credits: Megyer Laszlo <lez@sch.bme.hu>
Foldi Tamas <crow@kapu.hu>
Affects: Progeny Debian (exim prior to 3.16-4progeny2)
Debian GNU/Linux (exim prior to 3.12-10.1)
Progeny Only: NO
Vendor-Status: New Version Released
(exim_3.16-4progeny2)
$Progeny: security/advisory/PROGENY-SA-2001-17,v 1.2 2001/06/26 20:14:34 jgoerzen Exp $
---------------------------------------------------------------------------
SUMMARY
People running Progeny systems may be vulnerable to unauthorized local
access if the following two criteria are met:
* The server is running exim.
* The headers_check_syntax option is enabled.
By default, Progeny systems use the Postfix mail server and the
Progeny exim package ships with the headers_check_syntax option
disabled, so customers running a default Progeny installation are not
vulnerable to this issue.
DETAILED DESCRIPTION
The exim mail server contains a printf(3) vulnerability that could
allow unauthorized local access if the headers_check_syntax option is
turned on.
This is triggered by malformed email headers containing format
strings, and is only a problem when run in batch mode (hence only can
be triggered by local users).
SOLUTION (See also: UPDATING VIA APT-GET)
Upgrade to a fixed version of exim. exim version 3.16-4progeny2
corrects the problem. For your convenience, you may upgrade to the
exim_3.16-4progeny2 package.
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. Using apt(8), install the new package. apt(8) will download the
update, verify its integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install exim
UPDATING VIA DPKG
1. Use your preferred FTP/HTTP client to retrieve the following
updated files from Progeny's update archive at:
http://archive.progeny.com/progeny/updates/newton/
MD5 Checksum Filename
-------------------------------- -------------------------------------
d94b0457e884c6e22a6f5c1a6f46f1e2 exim_3.16-4progeny2_i386.deb
Example:
$ wget \
http://archive.progeny.com/progeny/updates/newton/exim_3.16-4progeny2_i386.deb
2. Use the md5sum(1) command on the retrieved files to verify that
they match the MD5 checksum provided in this advisory:
Example:
$ md5sum exim_3.16-4progeny2_i386.deb
3. Then install the replacement package(s) using dpkg(8).
Example:
# dpkg --install exim_3.16-4progeny2_i386.deb
WORKAROUND
As an alternative to the above solution, you may disable the
headers_check_syntax option or switch to different mail server
software.
MORE INFORMATION
http://www.securityfocus.com/bid/2828/http://www.securityfocus.com/archive/1/189026
Progeny advisories can be found at http://www.progeny.com/security/.