tidying
[exim.git] / doc / doc-txt / cve-2019-15846 / cve.txt
CommitLineData
c3aefacc
HSHR
1CVE ID: CVE-2019-15846
2Date: 2019-09-02 (CVE assigned)
3Credits: Zerons <sironhide0null@gmail.com> for the initial report
4 Qualys https://www.qualys.com/ for the analysis
5Version(s): all versions up to and including 4.92.1
6Issue: A local or remote attacker can execute programs with root
7 privileges.
8
9Conditions to be vulnerable
10===========================
11
12If your Exim server accepts TLS connections, it is vulnerable. This does
13not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.
14
15Details
16=======
17
18The vulnerability is exploitable by sending a SNI ending in a
19backslash-null sequence during the initial TLS handshake. The exploit
20exists as a POC. For more details see the document qualys.mbx
21
22Mitigation
23==========
24
25Do not offer TLS. (This mitigation is not recommended.)
26
27Fix
28===
29
30Download and build a fixed version:
31
32 Tarballs: https://ftp.exim.org/pub/exim/exim4/
33 Git: https://github.com/Exim/exim.git
34 - tag exim-4.92.2
35 - branch exim-4.92.2+fixes
36
37The tagged commit is the officially released version. The +fixes branch
38isn't officially maintained, but contains the security fix *and* useful
39fixes.
40
41If you can't install the above versions, ask your package maintainer for
42a version containing the backported fix. On request and depending on our
43resources we will support you in backporting the fix. (Please note,
44the Exim project officially doesn't support versions prior the current
45stable version.)