From: Progeny Security Team <security@progeny.com> To: progeny-security-announce@lists.progeny.com, progeny-debian@lists.progeny.com, bugtraq@securityfocus.com, linuxlist@securityportal.com Subject: [linsec] PROGENY-SA-2001-17: exim Date: Tue, 26 Jun 2001 15:22:39 -0500 (EST) Cc: security@progeny.com (Progeny Security Team) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --------------------------------------------------------------------------- PROGENY SERVICE NETWORK -- SECURITY ADVISORY PROGENY-SA-2001-17 --------------------------------------------------------------------------- Synopsis: Potential security problem with exim Software: exim History: 2001-06-06 Vulnerability announced 2001-06-25 Update available in Progeny archive 2001-06-26 Advisory released Credits: Megyer Laszlo <lez@sch.bme.hu> Foldi Tamas <crow@kapu.hu> Affects: Progeny Debian (exim prior to 3.16-4progeny2) Debian GNU/Linux (exim prior to 3.12-10.1) Progeny Only: NO Vendor-Status: New Version Released (exim_3.16-4progeny2) $Progeny: security/advisory/PROGENY-SA-2001-17,v 1.2 2001/06/26 20:14:34 jgoerzen Exp $ --------------------------------------------------------------------------- SUMMARY People running Progeny systems may be vulnerable to unauthorized local access if the following two criteria are met: * The server is running exim. * The headers_check_syntax option is enabled. By default, Progeny systems use the Postfix mail server and the Progeny exim package ships with the headers_check_syntax option disabled, so customers running a default Progeny installation are not vulnerable to this issue. DETAILED DESCRIPTION The exim mail server contains a printf(3) vulnerability that could allow unauthorized local access if the headers_check_syntax option is turned on. This is triggered by malformed email headers containing format strings, and is only a problem when run in batch mode (hence only can be triggered by local users). SOLUTION (See also: UPDATING VIA APT-GET) Upgrade to a fixed version of exim. exim version 3.16-4progeny2 corrects the problem. For your convenience, you may upgrade to the exim_3.16-4progeny2 package. UPDATING VIA APT-GET 1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's update repository: deb http://archive.progeny.com/progeny updates/newton/ 2. Update your cache of available packages for apt(8). Example: # apt-get update 3. Using apt(8), install the new package. apt(8) will download the update, verify its integrity with md5, and then install the package on your system with dpkg(8). Example: # apt-get install exim UPDATING VIA DPKG 1. Use your preferred FTP/HTTP client to retrieve the following updated files from Progeny's update archive at: http://archive.progeny.com/progeny/updates/newton/ MD5 Checksum Filename -------------------------------- ------------------------------------- d94b0457e884c6e22a6f5c1a6f46f1e2 exim_3.16-4progeny2_i386.deb Example: $ wget \ http://archive.progeny.com/progeny/updates/newton/exim_3.16-4progeny2_i386.deb 2. Use the md5sum(1) command on the retrieved files to verify that they match the MD5 checksum provided in this advisory: Example: $ md5sum exim_3.16-4progeny2_i386.deb 3. Then install the replacement package(s) using dpkg(8). Example: # dpkg --install exim_3.16-4progeny2_i386.deb WORKAROUND As an alternative to the above solution, you may disable the headers_check_syntax option or switch to different mail server software. MORE INFORMATION http://www.securityfocus.com/bid/2828/ http://www.securityfocus.com/archive/1/189026 Progeny advisories can be found at http://www.progeny.com/security/. --------------------------------------------------------------------------- pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDrKpVkRBACS4/hjUliUt9UGTHMUGSZpQlKfBk9OFHmyLHTdjyIBCWRMmOBn RRhag0FgPicVIDndoQvYw3+ESC/RtbuPCBf6DZ7S0+NHhm1SHEbZyHFLkRXJm+IS 29oFmKrfXnXHckCrJFDZbOznRF6dVe7hV8CYi3FtoTjlRbuiHPQCMuy4ewCghAfv eYxfB25AoTdBT7WiG8jd4w8D/iFweuqzTwcWtXEgDbDd21W9hNPLEELgguimCCdP l3GHqw/MUJpIvdYfYhCzTaf4VpvkM5xlJGAcelCUL9qAufwyU8U8JI2YzlbqSlO8 qRwaiwq9qisTKEBb3IQadFqug+ihVdUeP8cuXPvbUEbFt7ILWyUD/kntgFdf1Apo zZWlA/0SM45hV6yomcM7z08tyh4hZTrWX/RUJqe+U1niNAmzPg4P+r8SfXdIkjb2 fZT5h5cYLIiK+kUEkqyPmZwUlgMCCn4IYVd2pcKXKXWE8ympuf3E5wGYeiVpLBM/ th7qdEF87sViV8McfiRuXEonYrs1nSQZX+f4OxvTQqaP46u10rQsUHJvZ2VueSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBwcm9nZW55LmNvbT6IVwQTEQIAFwUCOsql WQULBwoDBAMVAwIDFgIBAheAAAoJEEnBfSP5LU0f/sUAnjDpQs5SnFotNJ7GeIWx Ftf7AvBBAJ0cygWS0XRXxJJq2PKbCbdln+i4d7kEDQQ6yqcjEBAA465SSuC/yvN7 WeZAN9XperqZtxLCVe8hLfrLZ+9/Xn2ysuEEe90rYe1X0HbsB/mInHF3VmT+XvHB VdDQ7o0VMw7aeDgprt3jDQgT8gIesSOhZvulDujmLhykE+FT/V4lKpqO8prv7Ujs AfuC7g/X2dcV1+imNOeivLaCM0+HrwUhdvifWFDwE97wBkrda/vhu9zs3NwMeBVN UYfkRLPm+DGUSQVrteNiYJchhqfJB0mjrd+3FgnpCVgdU4c42epZ2ez/WTgTchoT duMCd1sM9gzvQIih56KzxlGL82PVS2m0PNxSQ8iZpheMMGWregjpjpMRcrRbSXy+ WmPBacOiE/MyxXand+lGzig/9Srm6msUT5jE/lDcfySznJWH8B/fqD7KM5Z0ZM+b 3xV0PzGyMld+m3BfGolqsd5bpo8HaWCWsZVYfgdXjoDPYptsoPdLesN6WIAHA1kU n2kckccz4xOoI/8MqKhkzZe0q5a9sv6RLBWDeVLxJnDuXZgcwCc4OvpcR4HnOE7c U5VsyjYwTkzGWWuQxb8uxng3akHTK2PqeZAnC0tvtuwI7QFhOq/dzz+zHzVH2+Qh 55Aq6DjA9yEs3P7g31wb3duGdWtuIXn+N85GiJdZ1EmJESQCuOYOSHsV4bGxKcpg PIpoSr5QBAUtUOTwN+xC8nNjZtC5OzsAAwYP/1OD/eiEraGpy7Z9scgXBjjb1kly tgq06zGlSMWPEQoN3F87YeMiOsXSeDxJG+cnhvlys1Qoytp9/drsDLANi+Q61A/b aka2IJLudiDu4iUDFb1rgRUERBciA31karPf2IwNjdU8lbulHfxQcjtjj7rbSWOG gxzlPcLp2F5ee3h0qs+XW4UpD6K9f/u9gGT4nMr3owG06uNomlBAsGCVpk9XlRxG x96161vrbmTPUx/o6NhqHNuf5Zh8ZmxQ3PYydywiE9njOtS04TTad24qbdPlVQh2 kjkTdsMCFRGaAB8EYImMT3F0ofon1Q/XWZrRlhkZpzuAKLhdSOW5G+tygNy2IqsH wCYa/rDitYZeNN4EUb5At4HnSBCy86GFQgj+sDFO6yp+h7NLIMeTm0csaSbKEt6o cbn0iMaRbLdHmAm0UHATPho+M2brf3mTztvAPONta2FC9TP1L1ojTDd4mtO9IcdM hjOVqNbuyLXkWgPcSmwhhjB61p3/1M1Y/zfXxLOsi/XJlstYzzKzHa68F1e9dTEz kgeYo1hG5TqMKv1sXfPJHw4N/QVcLoUlpUJZ/kI2OQD5mAhCCZ9PbT2fT4gLhy7U sn0blh/R/0HFSFDwHgmx8mNfw7w0qFbba9/FEE8D5qhyyCx5KTk0OkvRL9OpzO7E jzjdcfb6B2XpgSC8iEYEGBECAAYFAjrKpyMACgkQScF9I/ktTR90vgCggiX108DO S3rhSkmfFuHey8w4RlIAn3nD+uCe+sjCFqVwb+LY2jO3ybjB =6dRm - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7OO1yScF9I/ktTR8RAggWAJ924DUDVBSma4mrwxLRoGUNuL4qBgCfXv1L X4P5lWGKslJivqkbtp4GISs= =jRCE -----END PGP SIGNATURE----- _______________________________________________ linux-security mailing list linux-security@lists.securityportal.com https://lists.securityportal.com/mailman/listinfo/linux-security http://www.securityportal.com/list/linux-security/