Debian Security Advisory

DSA-058-1 exim -- local printf format attack

Date Reported:

10 Jun 2001

Affected Packages:

exim

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2001-0690.

More information:

Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. It's only exploitable locally with the -bS switch (in batched SMTP mode).

This problem has been fixed in version 3.12-10.1. Since that code is not turned on by default a standard installation is not vulnerable, but we still recommend to upgrade your exim package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.dsc; http://security.debian.org/dists/stable/updates/main/source/exim_3.12.orig.tar.gz
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3.12-10.1_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/eximon_3.12-10.1_arm.deb
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/exim_3.12-10.1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/eximon_3.12-10.1_alpha.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/exim_3.12-10.1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/eximon_3.12-10.1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_3.12-10.1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/eximon_3.12-10.1_m68k.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/exim_3.12-10.1_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/eximon_3.12-10.1_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/exim_3.12-10.1_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/eximon_3.12-10.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.