CVE ID: CVE-2016-9963
Date: 2016-12-15
Credits: Bjoern Jacke <bjoern@j3e.de>
Version(s): 4.69 -> 4.87
Issue: If several conditions are met, Exim leaks private information
to a remote attacker.

Conditions
==========

If *all* of the following conditions are met:

Build options
-------------

* Exim is built with DKIM enabled (default for newer versions)

    exim -bV | grep 'Support.*DKIM'

Runtime options
---------------

* Exim uses DKIM signing (transport options dkim_private_key,
  dkim_domain, and others)

* The dkim_private_key option names a file containing the key.

    exim -bP transports | grep 'dkim_private_key = .'

* Exim uses PRDR (transport option hosts_try_prdr) (default
  since 4.86)

    exim -bP transports | grep 'hosts_try_prdr = .'

  *OR*

  Exim uses the LMTP protocol variant for SMTP transport.

    exim -bP transports | grep 'protocol = lmtp'
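As an added example (not the advisory's own code), the following POSIX shell script applies the runtime checks above to the output of `exim -bP transports` and reports whether the configuration matches the combination under which the key can leak. The sample `-bP` output embedded in it is constructed and only approximates Exim's real output layout; the option names and grep patterns are the ones the advisory lists, and the `check_running_exim` wrapper assumes an `exim` binary in PATH.

```shell
#!/bin/sh
# Added example, not part of the Exim advisory: evaluate the advisory's
# runtime conditions against the output of `exim -bP transports`.

# Read `exim -bP transports` output on stdin. Return 0 (exposed) when a
# file-based DKIM key is configured together with PRDR or LMTP, else 1.
dkim_leak_exposure() {
    out=$(cat)
    # Key read from a file named in dkim_private_key (advisory condition).
    keyfile=$(printf '%s\n' "$out" | grep -c 'dkim_private_key = .' || true)
    # PRDR tried on delivery (hosts_try_prdr non-empty).
    prdr=$(printf '%s\n' "$out" | grep -c 'hosts_try_prdr = .' || true)
    # LMTP protocol variant of the smtp driver.
    lmtp=$(printf '%s\n' "$out" | grep -c 'protocol = lmtp' || true)
    if [ "$keyfile" -gt 0 ]; then
        if [ "$prdr" -gt 0 ] || [ "$lmtp" -gt 0 ]; then
            return 0
        fi
    fi
    return 1
}

# Run the same check against the running Exim (assumes exim in PATH).
check_running_exim() {
    command -v exim >/dev/null 2>&1 || { echo "exim not found" >&2; return 2; }
    if ! exim -bV | grep -q 'Support.*DKIM'; then
        echo "DKIM not compiled in: not affected"
        return 1
    fi
    if exim -bP transports | dkim_leak_exposure; then
        echo "EXPOSED: file-based DKIM key with PRDR or LMTP enabled"
        return 0
    fi
    echo "not exposed by transport configuration"
    return 1
}

# Constructed stand-in for `exim -bP transports` output (layout is
# approximate): a host that signs with a key file and still tries PRDR.
EXPOSED_SAMPLE='remote_smtp
  driver = smtp
  protocol = smtp
  dkim_domain = example.com
  dkim_private_key = /etc/exim/dkim/example.com.key
  hosts_try_prdr = *'

# Constructed: PRDR disabled, but the LMTP variant is in use.
LMTP_SAMPLE='remote_lmtp
  driver = smtp
  protocol = lmtp
  dkim_domain = example.com
  dkim_private_key = /etc/exim/dkim/example.com.key
  hosts_try_prdr ='

# Constructed: the advisory's workaround applied (empty hosts_try_prdr,
# plain SMTP), so the key file alone is not enough to trigger the leak.
SAFE_SAMPLE='remote_smtp
  driver = smtp
  protocol = smtp
  dkim_domain = example.com
  dkim_private_key = /etc/exim/dkim/example.com.key
  hosts_try_prdr ='

# Stand-alone run: report on the three constructed samples.
for s in EXPOSED_SAMPLE LMTP_SAMPLE SAFE_SAMPLE; do
    eval "v=\$$s"
    if printf '%s\n' "$v" | dkim_leak_exposure; then
        echo "$s: exposed"
    else
        echo "$s: not exposed"
    fi
done
```

On a real host, `check_running_exim` gives the verdict; note that the build check (`exim -bV`) comes first, because a build without DKIM support cannot sign and is not affected at all.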

Operation
---------

* Exim transports a multi-recipient message

* The destination host supports PRDR
  OR
  the message transport uses LMTP

* One or more recipients are rejected after the DATA phase

Impact
======

Exim leaks the private DKIM signing key to the log files. Additionally,
if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material
is included in the bounce message.

Fix
===

Install a fixed Exim version:

    4.88
    4.87.1

If you can't install one of the above versions, ask your package
maintainer for a version containing the backported fix. On request and
depending on our resources we will support you in backporting the fix.
(Please note that the Exim project officially doesn't support versions
prior to the current stable version.)

If you think that you MIGHT be affected, we HIGHLY recommend creating
a new set of DKIM keys and phasing out the previous DKIM key soon, to
make sure that a possibly leaked DKIM key cannot be misused in the future.


Workaround
==========

Disable PRDR in your outgoing transport(s): set hosts_try_prdr to an
empty string.

AND do not use the LMTP protocol variant of the SMTP driver.

Indication
==========

You can check whether you have already been affected. The mainlog
entries look like this:

    2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R=<baduser@test.ex> refusal

Even if there is no evidence in the existing log files that a DKIM key
leak happened, it might have happened in the past: log files might
already have been deleted, but a leaked key could have ended up in a
user's mailbox via a mail bounce.
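As an added example (not the advisory's own code), the following POSIX shell script turns the Indication section into a repeatable check: it counts mainlog entries that carry PEM private-key material and lists the affected Exim message ids so the corresponding bounces can be traced. The log lines embedded in it are constructed, with a placeholder in place of key material; the message id, hosts and addresses are made up. The script greps for the PEM header rather than for the "PRDR error after" text, on the assumption (not confirmed by the advisory) that the LMTP path wording may differ, and the `/var/log/exim4/mainlog` path in the usage note is a Debian-style guess.

```shell
#!/bin/sh
# Added example, not part of the Exim advisory: scan an Exim mainlog for
# entries that contain PEM private-key material, as the advisory's
# sample entry does.

# Read mainlog lines on stdin; print the number of lines containing a
# PEM private-key header (any key type, not only RSA).
count_leaked_keys() {
    grep -c -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' || true
}

# Read mainlog lines on stdin; print the Exim message id (third field of
# a mainlog line) of each affected entry, one per line.
leaked_key_message_ids() {
    grep -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' | awk '{ print $3 }'
}

# Scan a mainlog file on disk and print a verdict; return 0 when at
# least one leaked key was found, so the function can drive an alert.
scan_mainlog_file() {
    n=$(count_leaked_keys < "$1")
    if [ "$n" -gt 0 ]; then
        echo "$1: $n entries contain private-key material; rotate the DKIM key"
        leaked_key_message_ids < "$1" | sort -u
        return 0
    fi
    echo "$1: no private-key material found"
    return 1
}

# Constructed mainlog excerpt: one multi-recipient message where one
# recipient is refused after DATA and the key ends up in the log line.
# The key body is a placeholder, not real key material.
SAMPLE_MAINLOG='2016-12-17 09:44:31 1cHmaX-0005vi-00 <= sender@example.com H=mail.example.com [192.0.2.10] P=esmtp S=2048
2016-12-17 09:44:33 1cHmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=mx.test.ex [192.0.2.20]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R=<baduser@test.ex> refusal
2016-12-17 09:44:33 1cHmaX-0005vi-00 => gooduser@test.ex R=client T=send_to_server H=mx.test.ex [192.0.2.20]
2016-12-17 09:44:34 1cHmaX-0005vi-00 Completed'

# Stand-alone run over the constructed excerpt.
n=$(printf '%s\n' "$SAMPLE_MAINLOG" | count_leaked_keys)
echo "leaked-key entries in sample: $n"
printf '%s\n' "$SAMPLE_MAINLOG" | leaked_key_message_ids
```

Usage on a real host: `scan_mainlog_file /var/log/exim4/mainlog` (and the rotated copies, uncompressed). A positive result means the mainlog itself now holds key material, so the file's access permissions and any log shipping need the same care as the key file, and the advisory's advice to replace the key applies regardless of how many entries are found.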