Debian Security Advisory

DSA-502-1 exim-tls -- buffer overflow

Date Reported:
11 May 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 10290, BugTraq ID 10291.
In Mitre's CVE dictionary: CVE-2004-0399, CVE-2004-0400.
More information:

Georgi Guninski discovered two stack-based buffer overflows in exim and exim-tls. They cannot be exploited with the default configuration from the Debian system, though. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

  • CAN-2004-0399

    When "sender_verify = true" is configured in exim.conf a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4.

  • CAN-2004-0400

    When headers_check_syntax is configured in exim.conf a buffer overflow can happen during the header check. This problem does also exist in exim 4.

For the stable distribution (woody) these problems have been fixed in version 3.35-3woody2.

The unstable distribution (sid) does not contain exim-tls anymore. The functionality has been incorporated in the main exim versions which have these problems fixed in version 3.36-11 for exim 3 and in version 4.33-1 for exim 4.

We recommend that you upgrade your exim-tls package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.