Debian Security Advisory

DSA-376-2 exim -- buffer overflow

Date reported:
4 Sep 2003
Affected packages:
exim, exim-tls
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 8518.
In Mitre's CVE dictionary: CVE-2003-0743.
More information:

There is a buffer overflow in exim, which is Debian's standard mail transport agent. By supplying a specially crafted HELO or EHLO command, an attacker could cause a string constant to be written past the end of a buffer allocated on the stack. At present, this vulnerability is not believed to be exploitable to execute arbitrary code.

For the stable distribution (woody), this problem has been fixed in exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid), this problem has been fixed in exim version 3.36-8. The unstable distribution does not contain the exim-tls package.

We recommend that you update your exim or exim-tls package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.dsc
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.diff.gz
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_alpha.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_alpha.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_arm.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_arm.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_i386.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_i386.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_ia64.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_ia64.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_hppa.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_hppa.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_m68k.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_m68k.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mips.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mips.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mipsel.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mipsel.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_powerpc.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_powerpc.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_s390.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_s390.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_sparc.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_sparc.deb
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the revised advisory.