FreeBSD : Exim -- remote code execution and information disclosure (36594c54-7be7-11e0-9838-0022156e8794)

high Nessus Plugin ID 53907

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Release notes for Exim 4.76 says :

Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution.

DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cause arbitrary Exim lookups (of items which can occur in lists, *not* arbitrary string expansion). This allowed for information disclosure.

Also, impact assessment was redone shortly after the original announcement :

Further analysis revealed that the second security was more severe than I realised at the time that I wrote the announcement. The second security issue has been assigned CVE-2011-1407 and is also a remote code execution flaw. For clarity: both issues were introduced with 4.70.

Solution

Update the affected package.

See Also

https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html

https://bugs.exim.org/show_bug.cgi?id=1106

http://www.nessus.org/u?90f9259f

Plugin Details

Severity: High

ID: 53907

File Name: freebsd_pkg_36594c547be711e098380022156e8794.nasl

Version: 1.10

Type: local

Published: 5/16/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:exim, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/14/2011

Vulnerability Publication Date: 5/10/2011

Reference Information

CVE: CVE-2011-1407, CVE-2011-1764