Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in exim
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in exim
ID: USN-1130-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Datum: Mi, 11. Mai 2011, 06:41
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
Applikationen: exim

Originalnachricht


--===============4335907212598302794==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="dTy3Mrz/UPE2dbVg"
Content-Disposition: inline


--dTy3Mrz/UPE2dbVg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1130-1
May 10, 2011

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Exim could be made to run arbitrary code under some conditions.

Software Description:
- exim4: Exim mail transfer agent

Details:

It was discovered that the Exim daemon did not correctly handle format
strings in DKIM headers. An unauthenticated remote attacker could send
specially crafted email to run arbitrary code as the Exim user. The
default compiler options for affected releases reduces the vulnerability
to a denial of service under most conditions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
exim4-daemon-custom 4.74-1ubuntu1.1
exim4-daemon-heavy 4.74-1ubuntu1.1
exim4-daemon-light 4.74-1ubuntu1.1

Ubuntu 10.10:
exim4-daemon-custom 4.72-1ubuntu1.2
exim4-daemon-heavy 4.72-1ubuntu1.2
exim4-daemon-light 4.72-1ubuntu1.2

Ubuntu 10.04 LTS:
exim4-daemon-custom 4.71-3ubuntu1.2
exim4-daemon-heavy 4.71-3ubuntu1.2
exim4-daemon-light 4.71-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
CVE-2011-1764

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.72-1ubuntu1.2
https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.2


--dTy3Mrz/UPE2dbVg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>

iQIcBAEBCgAGBQJNyahGAAoJEIly9N/cbcAm8qwP/R2epC4X7Kzg9ifJLzBBwsNQ
5/6um6fM0IhNG1efYBU/Ha5dsagv85uPtiRQQANuVOw0qsfsngB5sg4iiA5ojiU9
SDsvme44THhLDxsm1JU54FITV+t59e7QBVpIBliaN0GTzlWZzvUA0pgBiupulVOm
ghQNyQAk9IZQAdFdZC/+pxkKuK0ymEF/MPQMv2fxxlJ/11AooIVUzD/y9bkAbnx1
eDCppsfSsixaECNt9E1qwKZa5cqSUebgFSlCjJSNb+rPWU3aojr5XL7Ke0hUShKK
Zx8a2Sr2KdqKphdTSBei4Ax7JNl27kiGNXhAwvAgy2KeAxtjNptiANwWWpyN/D+j
JGo08La+BOUn/NRcVCksmSWolPK35vxjAfLg34v+SVGP8UPtbz/+e9X4uiLlKkpg
KrnT3QENI8ORkILrnqGGh3/5pevIyqdzfBwSqylAk6xqgIa/vVo/2T8HWc//mnHR
KgkCIpPnrifYirlPV9oVQyQO9NkHvqArWBM9oYJpCdwID2hFBJllgHuUyrXj23XF
6cdkqLKJwSG2nSVOohSX09CnIHtEAQCGtZlaz7CF5V0oT3coxJrXcWbIK533x5iT
60TPf6vXlAHBfnIWlziBGbz5l8RvSBqfZ30igB03FpqOgdsFqqoZQPzuSMBSRQZ3
bPdYc6eAuojHH3SUJgIg
=svss
-----END PGP SIGNATURE-----

--dTy3Mrz/UPE2dbVg--


--===============4335907212598302794==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4335907212598302794==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung