This update fixes two remote execution exploits in DKIM processing code (CVE-2011-1407, CVE-2011-1764).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201401-32 (Exim: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Exim. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with root       privileges, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This exim security update fixes importer string handling in DKIM signatures. (CVE-2011-1764)

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtain from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code.
(CVE-2011-1764 )

The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support.

Release notes for Exim 4.76 says :

Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution.

DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cause arbitrary Exim lookups (of items which can occur in lists, *not* arbitrary string expansion). This allowed for information disclosure.

Also, impact assessment was redone shortly after the original announcement :

Further analysis revealed that the second security was more severe than I realised at the time that I wrote the announcement. The second security issue has been assigned CVE-2011-1407 and is also a remote code execution flaw. For clarity: both issues were introduced with 4.70.

This update fixes a remotely exploitable overflow in DKIM handling.

Based on its response to a specially formatted mail message, the Exim mail server listening on this port appears to be affected by a format string vulnerability. The vulnerability is due to a failure in the dkim_exim_verify_finish() function to properly sanitize format string specifiers in the DKIM-Signature header. A remote attacker can exploit this by sending a specially crafted email, resulting in the execution of arbitrary code as the Exim run-time user.

It was discovered that the Exim daemon did not correctly handle format strings in DKIM headers. An unauthenticated remote attacker could send specially crafted email to run arbitrary code as the Exim user. The default compiler options for affected releases reduces the vulnerability to a denial of service under most conditions.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running Exim, a message transfer agent.  

Versions of Exim earlier than 4.76 are potentially affected by a format string vulnerability in logging DKIM information from an inbound email.  By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server subject to the privileges of the user running the affected application.

ID	Name	Product	Family	Published	Updated	Severity
54296	Fedora 14 : exim-4.76-1.fc14 (2011-7047)	Nessus	Fedora Local Security Checks	5/18/2011	1/11/2021	high
54297	Fedora 13 : exim-4.76-1.fc13 (2011-7059)	Nessus	Fedora Local Security Checks	5/18/2011	1/11/2021	high
72159	GLSA-201401-32 : Exim: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/28/2014	3/28/2022	high
75483	openSUSE Security Update : exim (openSUSE-SU-2011:0456-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	high
75825	openSUSE Security Update : exim (openSUSE-SU-2011:0456-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	high
53833	Debian DSA-2232-1 : exim4 - format string vulnerability	Nessus	Debian Local Security Checks	5/9/2011	1/4/2021	high
53907	FreeBSD : Exim -- remote code execution and information disclosure (36594c54-7be7-11e0-9838-0022156e8794)	Nessus	FreeBSD Local Security Checks	5/16/2011	1/6/2021	high
54576	Fedora 15 : exim-4.76-2.fc15 (2011-7111)	Nessus	Fedora Local Security Checks	5/19/2011	1/11/2021	high
74790	openSUSE Security Update : exim (openSUSE-SU-2012:1404-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	high
53856	Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String	Nessus	SMTP problems	5/10/2011	7/10/2018	high
55091	Ubuntu 10.04 LTS / 10.10 / 11.04 : exim4 vulnerability (USN-1130-1)	Nessus	Ubuntu Local Security Checks	6/13/2011	9/19/2019	high
5911	Exim < 4.76 dkim_exim_verify_finish Remote Format String Vulnerability	Nessus Network Monitor	SMTP Servers	5/10/2011	3/6/2019	medium

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

high

medium