Debian Security Advisory
DSA-376-2 exim -- buffer overflow
- Date Reported:
- 4 Sep 2003
- Affected Packages:
- exim, exim-tls
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 8518.
In Mitre's CVE dictionary: CVE-2003-0743.
- More information:
-
There is a buffer overflow in exim, which is Debian's standard mail transport program. By supplying a specially crafted HELO or EHLO command, an attacker could cause a string constant to be written past the end of a buffer allocated on the stack. At present, this vulnerability is not believed to be exploitable to execute arbitrary code.
For the stable distribution (woody) this problem has been fixed in exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.
For the unstable distribution (sid) this problem has been fixed in exim version 3.36-8. The unstable distribution does not contain the exim-tls package.
We recommend that you update your exim or exim-tls package.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.dsc
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.diff.gz
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_arm.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_arm.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_i386.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_i386.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_m68k.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_m68k.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mips.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mips.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_s390.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_s390.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_sparc.deb
- http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_sparc.deb
- http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.