Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 23.10: Addressing Critical Risk of Exim SPF Bypass Vulnerability

ubuntu
Calendar Grey January 29, 2024
Dist Ubuntu Esm H88
Ensure to upgrade your Ubuntu installations to mitigate the Exim vulnerability that impacts various versions, thereby safeguarding against potential email spoofing threats.
Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request.

Summary

Exim could be made to bypass an SPF protection mechanism if it received

a specially crafted request.

Software Description:

- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain requests.

A remote attacker could possibly use a published exploitation technique

to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass

of an SPF protection mechanism.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  exim4                           4.96-17ubuntu2.2
  exim4-base                      4.96-17ubuntu2.2
  eximon4                         4.96-17ubuntu2.2

Ubuntu 22.04 LTS:
  exim4                           4.95-4ubuntu2.5
  exim4-base                      4.95-4ubuntu2.5
  eximon4                         4.95-4ubuntu2.5

Ubuntu 20.04 LTS:
  exim4                           4.93-13ubuntu1.10
  exim4-base                      4.93-13ubuntu1.10
  eximon4                         4.93-13ubuntu1.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  exim4                           4.90.1-1ubuntu1.10+esm3
  exim4-base                      4.90.1-1ubuntu1.10+esm3
  eximon4                         4.90.1-1ubuntu1.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  exim4                           4.86.2-2ubuntu2.6+esm6
  exim4-base                      4.86.2-2ubuntu2.6+esm6
  eximon4                         4.86.2-2ubuntu2.6+esm6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6611-1

CVE-2023-51766

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6611-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.