April 23, 2014

In brief: New version of popular Exim mail server plugs remote code execution flaw

(LiveHacking.Com) – A new version of the popular Exim mail server has been released to plug a critical  remote code execution flaw exposed when built with DKIM support, which is the default. Exim 4.80.2 is identical to 4.80 except for the fixes required to plug the security hole.

According to a posting made on the exim-announce mailing list, the issue (CVE-2012-5671) was found during an internal code review of an area of the Exim codebase relevant to another issue, namely DKIM signing and verification, which has been the subject of US-CERT VU#268267 and Common Weakness identifiers CWE-347 and CWE-326.

The security vulnerability can be exploited by anyone who can send email from a domain for which they control the DNS. The class of attack is known as a “heap-based buffer overflow”.

Builds of Exim which used the DISABLE_DKIM option are not vulnerable. The Exim team are confident that the next release of Exim will, eventually, be 4.82, and should include the various improvements made since 4.80. However that release will use the normal release candidate baking process.

The release is now available from the primary ftp sites:

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks