Security Information / 2012 / Security Information -- DSA-2566-1 exim4

Debian Security Advisory

DSA-2566-1 exim4 -- heap-based buffer overflow

Date Reported:

25 Oct 2012

Affected Packages:

exim4

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-5671.

More information:

It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 4.80-5.1.

For the unstable distribution (sid), this problem has been fixed in version 4.80-5.1.

We recommend that you upgrade your exim4 packages.