PROBLEM:
Debian has issued an update for exim4. This fixes a vulnerability that can potentially be exploited by malicious people to compromise a vulnerable system.
PLATFORM:
Debian: Version of package exim4
ABSTRACT:
It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code.
REFERENCE LINKS:
Debian Advisory: DSA 2232-1
Secunia Advisory: SA44478
DSA-2232-1 exim4
CVE-2011-1764
Vulnerability Report: Debian GNU/Linux 6.0
IMPACT ASSESSMENT:
High
Discussion:
The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support.
For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 4.75-3.
Impact:
Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code.
Solution:
Debian recommends upgrading the exim4 packages.