Debian Security Advisory

DSA-058-1 exim -- local printf format attack

Date reported:
10 Jun 2001
Affected packages:
exim
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2001-0690.
More information:
Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. The bug can only be exploited locally with the -bS parameter (in "batch SMTP" mode).

This problem has been fixed in version 3.12-10.1. Since that code is not turned on by default, standard installations are not vulnerable, but we still recommend that you upgrade your exim package.
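
The bug class described above, as an added example that is not exim's code and not part of the original advisory: a hypothetical logger (log_write) and two hypothetical reporting functions show the unsafe logging pattern beside the corrected one. The constructed header uses "%%", a directive that consumes no argument, to show that the unsafe path parses header text as a format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger: formats the message into out. */
static void log_write(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Unsafe pattern: the error text embeds the header and is then used as
 * the format string, so any '%' in the header is parsed as a directive. */
static void report_bad_header_unsafe(char *out, size_t outlen, const char *header)
{
    char msg[256];
    snprintf(msg, sizeof msg, "syntax error in header: %s", header);
    log_write(out, outlen, msg);
}

/* Corrected pattern: constant format string, header passed only as data. */
static void report_bad_header_safe(char *out, size_t outlen, const char *header)
{
    log_write(out, outlen, "syntax error in header: %s", header);
}

/* Returns 1 if the logged line contains the header byte for byte. */
static int logged_verbatim(const char *line, const char *header)
{
    return strstr(line, header) != NULL;
}

int main(void)
{
    /* Constructed input; the header text really contains two '%' characters. */
    const char *header = "From: 100%% bogus";
    char a[256], b[256];

    report_bad_header_unsafe(a, sizeof a, header);
    report_bad_header_safe(b, sizeof b, header);
    printf("unsafe (verbatim=%d): %s\n", logged_verbatim(a, header), a);
    printf("safe   (verbatim=%d): %s\n", logged_verbatim(b, header), b);
    return 0;
}
```

Building with -Wformat -Wformat-security flags this pattern at compile time when the logger is declared with the GCC/Clang format attribute.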

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.dsc
http://security.debian.org/dists/stable/updates/main/source/exim_3.12.orig.tar.gz
ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3.12-10.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/eximon_3.12-10.1_arm.deb
Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/exim_3.12-10.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/eximon_3.12-10.1_alpha.deb
Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/exim_3.12-10.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/eximon_3.12-10.1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_3.12-10.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/eximon_3.12-10.1_m68k.deb
PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/exim_3.12-10.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/eximon_3.12-10.1_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/exim_3.12-10.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/eximon_3.12-10.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.