T-618: Debian update for exim4: Mail Transport Agent

May 9, 2011 - 7:00am

PROBLEM:

Debian has issued an update for exim4. It fixes a vulnerability that malicious people can potentially exploit to compromise a vulnerable system.

PLATFORM:

Debian: Version of package exim4

ABSTRACT:

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code.

REFERENCE LINKS:

Debian Advisory: DSA 2232-1
Secunia Advisory: SA44478
DSA-2232-1 exim4
CVE-2011-1764
Vulnerability Report: Debian GNU/Linux 6.0

IMPACT ASSESSMENT:

High

Discussion:

The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support.
For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 4.75-3.

Impact:

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code.
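
The bug class described above, shown as an added example (not Exim's code and not part of the original bulletin): a hypothetical printf-style logger, `log_write`, receives a constructed DNS-style string first as the format string itself and then, in the corrected form, as an argument to a constant `%s` format. All function names and the sample string are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical printf-style logger (illustrative, not Exim's API):
 * formats a message into out, like a typical MTA log routine. */
static int log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: text obtained from DNS is used as the format
 * string, so any '%' directive inside it is interpreted by the
 * formatter instead of being logged as data. */
static int log_dkim_unsafe(char *out, size_t n, const char *dns_text)
{
    return log_write(out, n, dns_text);
}

/* Corrected pattern: the format string is a constant and the
 * untrusted text is only ever an argument to "%s". */
static int log_dkim_safe(char *out, size_t n, const char *dns_text)
{
    return log_write(out, n, "%s", dns_text);
}

/* Constructed sample input. It contains only "%%", a directive that
 * consumes no argument, so even the unsafe call is well-defined here.
 * Directives that consume arguments would read values the caller
 * never passed, which is undefined behaviour. */
static const char SAMPLE_DNS_TEXT[] = "v=DKIM1; n=100%% verified";

int main(void)
{
    char a[64], b[64];
    log_dkim_unsafe(a, sizeof a, SAMPLE_DNS_TEXT);
    log_dkim_safe(b, sizeof b, SAMPLE_DNS_TEXT);
    printf("unsafe: %s\n", a); /* directive interpreted */
    printf("safe:   %s\n", b); /* text logged verbatim */
    return 0;
}
```

The same review applies to every call site where externally supplied text reaches a printf-style function: the format argument should be a string literal.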

Solution:

Debian recommends upgrading the exim4 packages.

Download exim4 Packages