CVE-2011-1764: format string vulnerability
Bug #779391 reported by
Felix Geyer
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
exim |
Fix Released
|
Unknown
|
|||
exim4 (Debian) |
Fix Released
|
Unknown
|
|||
exim4 (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook | ||
Lucid |
Fix Released
|
Medium
|
Kees Cook | ||
Maverick |
Fix Released
|
Medium
|
Kees Cook | ||
Natty |
Fix Released
|
Medium
|
Kees Cook | ||
Oneiric |
Fix Released
|
Medium
|
Kees Cook |
Bug Description
Binary package hint: exim4
From http://
> It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtain from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. (CVE-2011-1764)
CVE References
visibility: | private → public |
Changed in exim4 (Ubuntu): | |
status: | New → Triaged |
Changed in exim: | |
status: | Unknown → Fix Released |
tags: | added: patch |
Changed in exim4 (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Email from John Levine below - says it all I think.
thanks
--srs
-------- Original Message --------
Subject: Re: dkim plugin in exim 4.72 doesnt seem to like your signature ..
Date: 29 Apr 2011 10:50:50 -0400
From: John R. Levine <email address hidden>
To: Suresh Ramasubramanian <email address hidden>
It's a buglet in exim, which seems to be misinterpreting percent signs as printf codes or something.
In DKIM signatures, percent signs aren't special.
On Fri, 29 Apr 2011, Suresh Ramasubramanian wrote:
> 2011-04-29 02:34:28 1QFk5k-0003Ry-NL string_format: unsupported type in 4db9faa9. k1104 c=simple/simple <email address hidden> [verification 4db9faa9. k1104 c=simple/simple <email address hidden> [verification 4db9faa9. k1104 c=simple/simple <email address hidden> [verification
> "%i" in "DKIM: d=iecc.com s=4330.
> a=rsa-sha256 i=spamfighter%
> succeeded]"
> 2011-04-29 03:06:34 1QFkao-0003VB-Lv string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.
> a=rsa-sha256 i=spamfighter%
> succeeded]"
> 2011-04-29 03:37:32 1QFl4m-0003Xa-C0 string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.
> a=rsa-sha256 i=spamfighter%
> succeeded]"
>
> etc
>
>
Regards, jl.ly
John Levine, <email address hidden>, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://