CVE-2012-5671: Heap-buffer overflow in DNS decode logic used for DKIM

Bug #1071694 reported by Felix Geyer
This bug affects 2 people
Affects: exim4 (Fedora); Status: Fix Released; Importance: Critical
Affects: exim4 (Ubuntu); Status: Fix Released; Importance: High; Assigned to: Unassigned
Declined for Lucid by Bryce Harrington
Declined for Oneiric by Bryce Harrington
Nominated for Precise by Felix Geyer
Declined for Quantal by Bryce Harrington
Declined for Raring by Bryce Harrington

Bug Description

A heap-buffer overflow was found in the DKIM DNS decode logic, used by Exim between version 4.70 and 4.80.

Exim 4.80.1 release announcement:
https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

huzaifas (huzaifas-redhat-bugs) wrote:

A heap-buffer overflow was found in the DKIM DNS decode logic, used by exim. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim.

This is fixed in version 4.80.1

huzaifas (huzaifas-redhat-bugs) wrote:

Created attachment 633222
dkim-dns-buffer-overflow-protection-patch

huzaifas (huzaifas-redhat-bugs) wrote:

Support for DKIM (DomainKeys Identified Mail) in exim was introduced in version 4.70. Also version 4.69 had experimental support. More details available at:

http://wiki.exim.org/DKIM

Red Hat Enterprise Linux 5 ships version exim-4.63, which does not contain the vulnerable DKIM code. Hence the version of exim shipped with Red Hat Enterprise Linux 5 is not vulnerable to this issue.

huzaifas (huzaifas-redhat-bugs) wrote:

Statement:

Not Vulnerable. This issue does not affect the version of exim as shipped with Red Hat Enterprise Linux 5.

huzaifas (huzaifas-redhat-bugs) wrote:

This issue affects the version of exim as shipped with Fedora 16 and Fedora 17.

The issue affects the version of exim as shipped with EPEL-6.

jlieskov (jlieskov-redhat-bugs) wrote:

Created exim tracking bugs for this issue

Affects: fedora-all [bug 870347]
Affects: epel-6 [bug 870348]

Felix Geyer (debfx) wrote:

I'm attaching debdiffs for precise and quantal.

Robie Basak (racb)
Changed in exim4 (Ubuntu):
status: New → Triaged
importance: Undecided → High

Felix Geyer (debfx) wrote:

Updates have already been published.

Changed in exim4 (Ubuntu):
status: Triaged → Fix Released

vdanen (vdanen-redhat-bugs) wrote:

*** Bug 870356 has been marked as a duplicate of this bug. ***

customercare (customercare-redhat-bugs) wrote:

Can this be closed?

It was fixed for FC 16 / 17 and FC 18 comes with 4.80.1

thoger (thoger-redhat-bugs) wrote:

Yes, closing, thank you!

Changed in exim4 (Fedora):
importance: Unknown → Critical
status: Unknown → Fix Released