Remote Exim Exploit In the Wild 90
An anonymous reader sends word of a remote exploit in the wild against the Exim mail agent. The news comes on the exim mailing list, where a user posted that he had his exim install hacked via remote exploit giving the attacker the privilege of the mailnull user, which can lead to other possible attacks. A note up at the Internet Storm Center reminds exim users how to set up to run in unprivileged mode, and a commenter includes recompile instructions for Debian exim for added safety. The security press hasn't picked up on this story so far.
Was fixed in 4.70 according to Mailing List (Score:5, Informative)
http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html [exim.org]
"Paul Fisher and I have successfully run the exploit against a copy of
Exim running in a debugger on debian lenny, and we believe it utilizes
this bug:
http://bugs.exim.org/show_bug.cgi?id=787 [exim.org]
It was fixed in 4.70, but not in the version currently in debian
stable.
James E. Blair
UC Berkeley"
Debian patched it today (Score:5, Informative)
Debian released patches this morning for it.
exim4 (4.69-9+lenny1) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix SMTP file descriptors being leaked to processes invoked with ${run...}
* Fix memory corruption issue in string_format(). CVE-2010-4344
* Fix potential memory pool corruption issue in internal_lsearch_find().
-- Stefan Fritsch Fri, 10 Dec 2010 13:25:07 +0100
Re:Was fixed in 4.70 according to Mailing List (Score:5, Informative)
Debian has released a DSA and a fixed version for Stable. See Debian Security Advisory DSA-2131-1 and Debian Security [debian.org].
Re:Was fixed in 4.70 according to Mailing List (Score:3, Informative)
Re:Was fixed in 4.70 according to Mailing List (Score:5, Informative)
Boring target.