Commit | Line | Data |
---|---|---|
e101dc5c JH |
1 | CVE ID: CVE-2019-16928 |
2 | Date: 2019-09-27 (CVE assigned) | |
3 | Version(s): from 4.92 up to and including 4.92.2 | |
4 | Reporter: QAX-A-TEAM <areuu@outlook.com> | |
5 | Reference: https://bugs.exim.org/show_bug.cgi?id=2449 | |
6 | Issue: Heap-based buffer overflow in string_vformat, | |
7 | remote code execution seems to be possible | |
8 | ||
9 | Conditions to be vulnerable | |
10 | =========================== | |
11 | ||
12 | All versions from (and including) 4.92 up to (and including) 4.92.2 are | |
13 | vulnerable. | |
14 | ||
15 | Details | |
16 | ======= | |
17 | ||
18 | There is a heap-based buffer overflow in string_vformat (string.c). | |
19 | The currently known exploit uses an extraordinarily long EHLO string to | |
20 | crash the Exim process that is receiving the message. While in this | |
21 | mode of operation Exim has already dropped its privileges, other paths to | |
22 | reach the vulnerable code may exist. | |
23 | ||
24 | Mitigation | |
25 | ========== | |
26 | ||
27 | Besides updating the server, there is no known mitigation. | |
28 | ||
29 | Fix | |
30 | === | |
31 | ||
e39f19e0 HSHR |
32 | Download and build the fixed version 4.92.3 |
33 | ||
34 | Tarballs: https://ftp.exim.org/pub/exim/exim4/ | |
35 | Git: https://github.com/Exim/exim.git | |
36 | - tag exim-4.92.3 | |
37 | - branch exim-4.92.3+fixes | |
38 | ||
39 | The tagged commit is the officially released version. The +fixes branch | |
40 | isn't officially maintained, but contains the security fix *and* useful | |
41 | fixes. | |
42 | ||
43 | If you can't install the above versions, ask your package maintainer for | |
44 | a version containing the backported fix. On request and depending on our | |
45 | resources we will support you in backporting the fix. (Please note, | |
46 | the Exim project officially doesn't support versions prior to the current | |
47 | stable version.) | |
48 | ||
49 | Timeline | |
50 | ========= | |
51 | ||
52 | - 2019-09-27 Report as Bug 2499 | |
53 | - 2019-09-28 Announcement to exim-maintainers, oss-security | |
54 | - 2019-09-28 Release 4.92.3, Release-Announcements to | |
55 | exim-{announce,users,maintainers}, oss-security |
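
The affected range under "Conditions to be vulnerable" and the 4.92.3 fix, as an added inventory check (not part of the Exim advisory or the project's code): it reads a version out of `exim -bV` output or an SMTP greeting and reports whether it falls in 4.92 through 4.92.2. The sample lines and host name are constructed, and a distribution package carrying a backported fix may still report a version inside the range, so `in-range` means "confirm with the package maintainer", not "proven vulnerable".

```shell
#!/bin/sh
# Added example: classify an Exim version string against the range given
# in the advisory (4.92, 4.92.1, 4.92.2 affected; 4.92.3 carries the fix).

# Pull "major.minor[.patch]" out of `exim -bV` output ("Exim version X ...")
# or an SMTP greeting ("220 host ESMTP Exim X ...").
exim_version_from() {
    printf '%s\n' "$1" |
        sed -n 's/.*Exim \(version \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\2/p' |
        head -n 1
}

# Prints one of: in-range, not-in-range, unknown.
classify_exim() {
    ver=$(exim_version_from "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }

    # Split on dots; a missing patch level (plain "4.92") counts as 0.
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1
    minor=$2
    patch=${3:-0}

    if [ "$major" -eq 4 ] && [ "$minor" -eq 92 ] && [ "$patch" -le 2 ]; then
        echo in-range
    else
        echo not-in-range
    fi
}

# Constructed sample inputs (assumptions, not captured from real hosts).
# On a live system: classify_exim "$(exim -bV 2>/dev/null)"
while IFS= read -r line; do
    printf '%-13s %s\n' "$(classify_exim "$line")" "$line"
done <<'EOF'
Exim version 4.92 #1 built 10-Feb-2019 09:00:00
Exim version 4.92.2 #2 built 07-Sep-2019 09:00:00
220 mx.example.test ESMTP Exim 4.92.3 Sat, 28 Sep 2019 10:00:00 +0000
220 mx.example.test ESMTP ready
EOF
```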