Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Ubuntu 12.04: USN-1747-1 High: Bind Remote Exploit Vulnerability

ubuntu
Calendar Grey May 10, 2011
Scroller Ubuntu
Exim on Ubuntu has a vulnerability that may permit unauthorized code execution in certain scenarios; ensure you apply the latest patch to resolve the flaw thoroughly.
Exim could be made to run arbitrary code under some conditions.

Summary

Exim could be made to run arbitrary code under some conditions.

Software Description:

- exim4: Exim mail transfer agent

Details:

It was discovered that the Exim daemon did not correctly handle format

strings in DKIM headers. An unauthenticated remote attacker could send

specially crafted email to run arbitrary code as the Exim user. The

default compiler options for affected releases reduces the vulnerability

to a denial of service under most conditions.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  exim4-daemon-custom             4.74-1ubuntu1.1
  exim4-daemon-heavy              4.74-1ubuntu1.1
  exim4-daemon-light              4.74-1ubuntu1.1

Ubuntu 10.10:
  exim4-daemon-custom             4.72-1ubuntu1.2
  exim4-daemon-heavy              4.72-1ubuntu1.2
  exim4-daemon-light              4.72-1ubuntu1.2

Ubuntu 10.04 LTS:
  exim4-daemon-custom             4.71-3ubuntu1.2
  exim4-daemon-heavy              4.71-3ubuntu1.2
  exim4-daemon-light              4.71-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

CVE-2011-1764

May 10, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.