Debian: DSA-2131-1: New exim4 packages fix remote code execution

    Date: 10 Dec 2010
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user. Exploits for these issues have been seen in the wild.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2131-1
    http://www.debian.org/security/                           Stefan Fritsch
    December 10, 2010                     http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : exim4
    Vulnerability  : arbitrary code execution
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-4344
    
    Several vulnerabilities have been found in exim4 that allow a remote
    attacker to execute arbitrary code as root user. Exploits for these
    issues have been seen in the wild.
    
    This update fixes a memory corruption issue that allows a remote
    attacker to execute arbitrary code as the Debian-exim user
    (CVE-2010-4344).
    
    A fix for an additional issue that allows the Debian-exim user to
    obtain root privileges (CVE-2010-4345) is currently being checked for
    compatibility issues. It is not yet included in this upgrade but will
    be released soon in an update to this advisory.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 4.69-9+lenny1.
    
    This advisory only contains the packages for the alpha, amd64, hppa,
    i386, ia64, powerpc, and s390 architectures. The packages for the
    arm, armel, mips, mipsel, and sparc architectures will be released
    as soon as they are built.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 4.70-1.
    
    We strongly recommend that you upgrade your exim4 packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny (stable)
    -----------------------------------------
    
    Stable updates are available for alpha, amd64, hppa, i386, ia64, powerpc, and s390.
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
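
An added example, not part of the Debian advisory: a shell check that classifies an exim4 package version against the fixed versions the advisory names, using `dpkg --compare-versions`. The function names are hypothetical, and "fixed" covers CVE-2010-4344 only, because the advisory states that the CVE-2010-4345 fix is not yet included in this upgrade.

```shell
#!/bin/sh
# Added example (not from the advisory): check exim4 package versions
# against the fixed versions listed in DSA-2131-1 for CVE-2010-4344.
# "fixed" does NOT cover CVE-2010-4345, which this upgrade does not yet include.

FIXED_LENNY='4.69-9+lenny1'   # stable (lenny), from the advisory
FIXED_SQUEEZE_SID='4.70-1'    # testing (squeeze) and unstable (sid), from the advisory

# exim4_status VERSION RELEASE   (hypothetical helper name)
# Prints "fixed", "vulnerable" or "unknown".
# Returns 0 for fixed, 1 for vulnerable, 2 when no decision can be made.
exim4_status() {
    version=$1
    case $2 in
        lenny)       fixed=$FIXED_LENNY ;;
        squeeze|sid) fixed=$FIXED_SQUEEZE_SID ;;
        *)           echo unknown; return 2 ;;   # release not covered by the advisory
    esac
    # Without dpkg or a version string there is nothing to compare.
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return 2; }
    [ -n "$version" ] || { echo unknown; return 2; }

    # dpkg applies Debian version ordering, so 4.69-9 sorts before 4.69-9+lenny1.
    if dpkg --compare-versions "$version" ge "$fixed"; then
        echo fixed
    else
        echo vulnerable
        return 1
    fi
}

# audit_installed RELEASE   (hypothetical helper name)
# Prints "package version status" for every installed exim4/eximon4 package.
audit_installed() {
    release=$1
    dpkg-query -W -f='${Package} ${Version}\n' 'exim4*' 'eximon4' 2>/dev/null |
    while read -r pkg ver; do
        [ -n "$ver" ] || continue   # listed by dpkg but not installed
        printf '%s %s %s\n' "$pkg" "$ver" "$(exim4_status "$ver" "$release")"
    done
}
```

After sourcing the file, run `audit_installed lenny` on a lenny host; any line ending in `vulnerable` identifies a package still below 4.69-9+lenny1.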
    