FreeBSD : Exim -- remote code execution and information disclosure (36594c54-7be7-11e0-9838-0022156e8794)
High Nessus Plugin ID 53907
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionRelease notes for Exim 4.76 says :
Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution.
DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cause arbitrary Exim lookups (of items which can occur in lists, *not* arbitrary string expansion). This allowed for information disclosure.
Also, impact assessment was redone shortly after the original announcement :
Further analysis revealed that the second security was more severe than I realised at the time that I wrote the announcement. The second security issue has been assigned CVE-2011-1407 and is also a remote code execution flaw. For clarity: both issues were introduced with 4.70.
SolutionUpdate the affected package.