Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-376-2 exim -- bufferoverløb

Rapporteret den:

4. sep 2003

Berørte pakker:

exim, exim-tls

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 8518.
I Mitres CVE-ordbog: CVE-2003-0743.

Yderligere oplysninger:

Der er et bufferoverløb i exim, som er Debians standardprogram til transport af post. Ved at levere en særligt fremstillet HELO- eller EHLO-kommando, kunne en angriber få en strengkonstant til at blive skrevet ud over slutningen af en buffer, der var allokeret på stakken. På nuværende tidspunkt menes denne sårbarhed ikke at kunne udnyttes til at udføre vilkårlig kode.

I den stabile distribution (woody) er dette problem rettet i exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

I den ustabile distribution (sid) er dette problem rettet i exim version 3.36-8. Den ustabile distribution indeholder ikke pakken exim-tls.

Vi anbefaler at du opdaterer din exim- eller exim-tls-pakke.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.dsc

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.diff.gz

http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_alpha.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_alpha.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_arm.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_arm.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_i386.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_i386.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_ia64.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_ia64.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_hppa.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_hppa.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_m68k.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_m68k.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mips.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mips.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mipsel.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mipsel.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_powerpc.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_powerpc.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_s390.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_s390.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_sparc.deb

http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_sparc.deb

http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

MD5-kontrolsummer for de listede filer findes i den reviderede sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français 日本語 (Nihongo) Português Русский (Russkij) svenska

Sådan opsætter du standardsprogvalg for dokumenter