SecurityTracker.com
SecurityTracker Archives

Category:   Application (E-mail Server)  >   Exim
Vendors:   Exim.org
(Debian Issues Fix) Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
SecurityTracker Alert ID:  1007643
SecurityTracker URL:  http://securitytracker.com/id/1007643
CVE Reference:   CVE-2003-0743
Date:  Sep 5 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3, 4 (prior to 4.21)
Description:   A vulnerability was reported in the Exim mail transfer agent. A remote user can trigger a heap overflow.

It is reported that a remote user can connect to the target system via the SMTP port and send specially crafted data to trigger a heap overflow. According to the report, the overflow is "probably not exploitable," but the report admits that this statement may be proven false on some platforms and in some situations.

The flaw resides in 'smtp_in.c' in the processing of HELO strings.

Impact:   A remote user may be able to execute arbitrary code on the system (however, that was not confirmed in the report).
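The bug class the advisory describes, as an added illustration (hypothetical code written for this page, not Exim's smtp_in.c): a reply is assembled on the heap from the client-supplied HELO argument plus a constant suffix, but the flawed sizing only counts the argument, so the constant tail always lands past the end of the allocation. The suffix text, the 512-octet argument limit and the function names are assumptions; the hardened builder sizes the buffer from every component it writes and fails closed on oversized input or truncation.

```c
/*
 * Added illustration of an off-by-constant heap overflow of the kind the
 * advisory describes.  Hypothetical code for teaching, not Exim's own; the
 * suffix, the 512-octet limit (taken from the SMTP command line maximum, not
 * from the advisory) and all names below are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HELO_SUFFIX  " (helo verified)"   /* constant appended after the argument */
#define MAX_HELO_ARG 512                  /* assumed upper bound on the argument */

/* Bytes the flawed sizing reserves: the argument and its NUL, nothing else. */
size_t flawed_alloc_size(const char *helo)
{
    return strlen(helo) + 1;
}

/* Bytes the formatting step actually writes: argument + suffix + NUL. */
size_t bytes_written(const char *helo)
{
    return strlen(helo) + strlen(HELO_SUFFIX) + 1;
}

/* Audit helper: bytes a write of `needed` would place beyond an allocation
 * of `alloc` bytes.  Zero means the write fits.  For the flawed sizing the
 * result is strlen(HELO_SUFFIX) for every argument, i.e. the overrun is a
 * constant, exactly as the advisory characterises it. */
size_t overrun_bytes(size_t alloc, size_t needed)
{
    return needed > alloc ? needed - alloc : 0;
}

/* Hardened builder: refuses oversized arguments, derives the allocation from
 * every component that will be written, and uses a bounded write whose
 * result is checked.  Returns a malloc'd string the caller frees, or NULL. */
char *build_helo_reply(const char *helo)
{
    if (helo == NULL) return NULL;
    size_t arg_len = strlen(helo);
    if (arg_len > MAX_HELO_ARG) return NULL;          /* reject over-long input */

    size_t need = arg_len + strlen(HELO_SUFFIX) + 1;  /* includes the NUL */
    char *out = malloc(need);
    if (out == NULL) return NULL;

    int n = snprintf(out, need, "%s%s", helo, HELO_SUFFIX);
    if (n < 0 || (size_t)n >= need) {                 /* truncation: fail closed */
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    const char *helo = "mail.example.org";            /* constructed sample argument */
    size_t alloc = flawed_alloc_size(helo);
    size_t need  = bytes_written(helo);

    printf("flawed allocation: %zu bytes, write: %zu bytes, overrun: %zu bytes\n",
           alloc, need, overrun_bytes(alloc, need));

    char *reply = build_helo_reply(helo);
    if (reply != NULL) {
        printf("hardened reply: \"%s\" (%zu bytes allocated)\n", reply, need);
        free(reply);
    }
    return 0;
}
```

The audit helper is the part worth reusing in review: whenever a heap buffer is sized from one input and then written with that input plus anything else, compute both numbers explicitly and the constant shortfall becomes obvious before a fuzzer finds it.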
Solution:   Debian has released a fix for the stable distribution (woody) in exim version 3.35-1woody1 and exim-tls version 3.35-3woody1, and for the unstable distribution (sid) in exim version 3.36-8.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1.dsc
Size/MD5 checksum: 661 34a7faf2980c66aab318512a36a2c656
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1.diff.gz
Size/MD5 checksum: 79296 0839fd89bd648ee5828e55afe6ce3628
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
Size/MD5 checksum: 677 efc414eda2eaf3b739c0ff1d0ce1ce08
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
Size/MD5 checksum: 79663 3b0ffcb9a0c4662ba908f622e6bc6923
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a

Alpha architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_alpha.deb
Size/MD5 checksum: 872528 0c6303e4ab06e4aef0b65e8be9dd6dea
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_alpha.deb
Size/MD5 checksum: 52316 ebc1ae6e92ebd810a4ffd3f7369995f9
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
Size/MD5 checksum: 873212 19bba89ff92748d38fc68a667474ed35

ARM architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_arm.deb
Size/MD5 checksum: 785544 2bd24816a3290cdaa2bdcd52893f738c
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_arm.deb
Size/MD5 checksum: 43522 d368467b3e01b7525b06d810ddee91de
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
Size/MD5 checksum: 783822 4a14319839d9f01dd2be37e047fd6d66

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_i386.deb
Size/MD5 checksum: 758810 d562e8c0093c8fd1eac2a4b6756b2c74
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_i386.deb
Size/MD5 checksum: 39204 eb5b733cbab82e3613368b117c7ccba8
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
Size/MD5 checksum: 759152 ad293a317eb4ee7bccffff05a425156e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_ia64.deb
Size/MD5 checksum: 972460 490ba5d8e041b14de7bab91d25cd8e84
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_ia64.deb
Size/MD5 checksum: 65172 151a1cac77506fe862a1d7bd6e800ef4
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
Size/MD5 checksum: 973764 ee164461e235691d1ebbd5499535bb23

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_hppa.deb
Size/MD5 checksum: 814904 e6865edc611c89d9846aabb61fd0a8f6
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_hppa.deb
Size/MD5 checksum: 48278 d0a74247177785fc79511b03e855c247
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
Size/MD5 checksum: 813986 5b98643ddca3a563c0f35702533abec7

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_m68k.deb
Size/MD5 checksum: 737612 cdc5648c0a2f0785d9a31f8bed6225cc
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_m68k.deb
Size/MD5 checksum: 37762 138c8847fc4586c4fbabe0358427b752
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
Size/MD5 checksum: 736502 387d9a32b505ec7f3e8cedad5390095a

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_mips.deb
Size/MD5 checksum: 824132 16515eef87fbea27dd0269bbfd82b804
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_mips.deb
Size/MD5 checksum: 48868 b54faf31be830fc6d88ca91fd92aec15
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
Size/MD5 checksum: 824072 068d46cc7be1f70e369795eed39a5e2c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_mipsel.deb
Size/MD5 checksum: 824350 1e4beb825601c1d6034ed1236a1ddae0
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_mipsel.deb
Size/MD5 checksum: 48770 ae84a1825f88b5e12ed94a4050bac66c
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
Size/MD5 checksum: 824764 dc94f41f414b487a5fb242abf1691c71

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_powerpc.deb
Size/MD5 checksum: 793734 8751038ff5bc501e701568180cf918df
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_powerpc.deb
Size/MD5 checksum: 44782 a295cd17f3d6f97d5f41a149c4aafe76
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
Size/MD5 checksum: 792296 a8e7e8d5c05ad550d02ebed47ec98ee8

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_s390.deb
Size/MD5 checksum: 779618 0f914e0637333149eac25dfb72e1626a
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_s390.deb
Size/MD5 checksum: 43928 f88d92626105590087361b2d8042c3f7
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
Size/MD5 checksum: 778952 a1f2ada573819be4637929c3763a6193

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_sparc.deb
Size/MD5 checksum: 784920 0309da1ad933034ebcec4c44e6bad64a
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_sparc.deb
Size/MD5 checksum: 42440 d26369a10e324da946baa8d17f401c1c
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb
Size/MD5 checksum: 782482 4ae58125f8e4daea23660df37e867c14

Vendor URL:  www.exim.org/pipermail/exim-announce/2003q3/000094.html
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Sep 3 2003 Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution

Source Message Contents

Subject:  [SECURITY] [DSA-376-1] New exim, exim-tls packages fix buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 376-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
September 4th, 2003                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : exim exim-tls
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0743

A buffer overflow exists in exim, which is the standard mail transport
agent in Debian.  By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap.  This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
exim version 3.35-1woody1 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid) this problem has been fixed in
exim version 3.36-8.  The unstable distribution does not contain an
exim-tls package.

We recommend that you update your exim or exim-tls package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1.dsc
      Size/MD5 checksum:      661 34a7faf2980c66aab318512a36a2c656
    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1.diff.gz
      Size/MD5 checksum:    79296 0839fd89bd648ee5828e55afe6ce3628
    http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
      Size/MD5 checksum:      677 efc414eda2eaf3b739c0ff1d0ce1ce08
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
      Size/MD5 checksum:    79663 3b0ffcb9a0c4662ba908f622e6bc6923
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_alpha.deb
      Size/MD5 checksum:   872528 0c6303e4ab06e4aef0b65e8be9dd6dea
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_alpha.deb
      Size/MD5 checksum:    52316 ebc1ae6e92ebd810a4ffd3f7369995f9
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
      Size/MD5 checksum:   873212 19bba89ff92748d38fc68a667474ed35

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_arm.deb
      Size/MD5 checksum:   785544 2bd24816a3290cdaa2bdcd52893f738c
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_arm.deb
      Size/MD5 checksum:    43522 d368467b3e01b7525b06d810ddee91de
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
      Size/MD5 checksum:   783822 4a14319839d9f01dd2be37e047fd6d66

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_i386.deb
      Size/MD5 checksum:   758810 d562e8c0093c8fd1eac2a4b6756b2c74
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_i386.deb
      Size/MD5 checksum:    39204 eb5b733cbab82e3613368b117c7ccba8
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
      Size/MD5 checksum:   759152 ad293a317eb4ee7bccffff05a425156e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_ia64.deb
      Size/MD5 checksum:   972460 490ba5d8e041b14de7bab91d25cd8e84
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_ia64.deb
      Size/MD5 checksum:    65172 151a1cac77506fe862a1d7bd6e800ef4
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
      Size/MD5 checksum:   973764 ee164461e235691d1ebbd5499535bb23

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_hppa.deb
      Size/MD5 checksum:   814904 e6865edc611c89d9846aabb61fd0a8f6
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_hppa.deb
      Size/MD5 checksum:    48278 d0a74247177785fc79511b03e855c247
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
      Size/MD5 checksum:   813986 5b98643ddca3a563c0f35702533abec7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_m68k.deb
      Size/MD5 checksum:   737612 cdc5648c0a2f0785d9a31f8bed6225cc
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_m68k.deb
      Size/MD5 checksum:    37762 138c8847fc4586c4fbabe0358427b752
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
      Size/MD5 checksum:   736502 387d9a32b505ec7f3e8cedad5390095a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_mips.deb
      Size/MD5 checksum:   824132 16515eef87fbea27dd0269bbfd82b804
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_mips.deb
      Size/MD5 checksum:    48868 b54faf31be830fc6d88ca91fd92aec15
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
      Size/MD5 checksum:   824072 068d46cc7be1f70e369795eed39a5e2c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_mipsel.deb
      Size/MD5 checksum:   824350 1e4beb825601c1d6034ed1236a1ddae0
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_mipsel.deb
      Size/MD5 checksum:    48770 ae84a1825f88b5e12ed94a4050bac66c
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
      Size/MD5 checksum:   824764 dc94f41f414b487a5fb242abf1691c71

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_powerpc.deb
      Size/MD5 checksum:   793734 8751038ff5bc501e701568180cf918df
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_powerpc.deb
      Size/MD5 checksum:    44782 a295cd17f3d6f97d5f41a149c4aafe76
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
      Size/MD5 checksum:   792296 a8e7e8d5c05ad550d02ebed47ec98ee8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_s390.deb
      Size/MD5 checksum:   779618 0f914e0637333149eac25dfb72e1626a
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_s390.deb
      Size/MD5 checksum:    43928 f88d92626105590087361b2d8042c3f7
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
      Size/MD5 checksum:   778952 a1f2ada573819be4637929c3763a6193

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody1_sparc.deb
      Size/MD5 checksum:   784920 0309da1ad933034ebcec4c44e6bad64a
    http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody1_sparc.deb
      Size/MD5 checksum:    42440 d26369a10e324da946baa8d17f401c1c
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb
      Size/MD5 checksum:   782482 4ae58125f8e4daea23660df37e867c14

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/V8wEArxCt0PiXR4RAhmXAJ0XsYiULkkaee9lMG93+DgRvKtYUACfcn6T
AZKZChaqO0VFoKPvq4Tw0Pg=
=5mFP
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Copyright 2019, SecurityGlobal.net LLC