Executive Summary

Summary
Title Exim vulnerability
Informations
Name USN-1618-1 First vendor Publication 2012-10-26
Vendor Ubuntu Last vendor Modification 2012-10-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS

Summary:

Exim could be made to run programs if it received specially crafted network traffic.

Software Description: - exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
exim4-daemon-custom 4.80-3ubuntu1.1
exim4-daemon-heavy 4.80-3ubuntu1.1
exim4-daemon-light 4.80-3ubuntu1.1

Ubuntu 12.04 LTS:
exim4-daemon-custom 4.76-3ubuntu3.1
exim4-daemon-heavy 4.76-3ubuntu3.1
exim4-daemon-light 4.76-3ubuntu3.1

Ubuntu 11.10:
exim4-daemon-custom 4.76-2ubuntu1.1
exim4-daemon-heavy 4.76-2ubuntu1.1
exim4-daemon-light 4.76-2ubuntu1.1

Ubuntu 11.04:
exim4-daemon-custom 4.74-1ubuntu1.3
exim4-daemon-heavy 4.74-1ubuntu1.3
exim4-daemon-light 4.74-1ubuntu1.3

Ubuntu 10.04 LTS:
exim4-daemon-custom 4.71-3ubuntu1.4
exim4-daemon-heavy 4.71-3ubuntu1.4
exim4-daemon-light 4.71-3ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1618-1
CVE-2012-5671

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.80-3ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.76-3ubuntu3.1
https://launchpad.net/ubuntu/+source/exim4/4.76-2ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.3
https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.4

Original Source

Url : http://www.ubuntu.com/usn/USN-1618-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17931
 
Oval ID: oval:org.mitre.oval:def:17931
Title: USN-1618-1 -- exim4 vulnerability
Description: Exim could be made to run programs if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1618-1
CVE-2012-5671
 Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
 Product(s): exim4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19926
 
Oval ID: oval:org.mitre.oval:def:19926
Title: DSA-2566-1 exim4 - heap overflow
Description: It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2566-1
CVE-2012-5671
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): exim4
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)
File : nvt/gb_suse_2012_1404_1.nasl
2012-11-02 Name : Fedora Update for exim FEDORA-2012-17044
File : nvt/gb_fedora_2012_17044_exim_fc17.nasl
2012-11-02 Name : Fedora Update for exim FEDORA-2012-17085
File : nvt/gb_fedora_2012_17085_exim_fc16.nasl
2012-10-29 Name : Debian Security Advisory DSA 2566-1 (exim4)
File : nvt/deb_2566_1.nasl
2012-10-29 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim4.nasl
2012-10-29 Name : Ubuntu Update for exim4 USN-1618-1
File : nvt/gb_ubuntu_USN_1618_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Exim DKIM decoding buffer overflow attempt
RuleID : 25333 - Revision : 7 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date Description
2014-08-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-482.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-738.nasl - Type : ACT_GATHER_INFO
2014-04-18 Name : The remote web server contains an application that is affected by a buffer ov...
File : atmail_webmail_6_6_2.nasl - Type : ACT_GATHER_INFO
2014-01-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-32.nasl - Type : ACT_GATHER_INFO
2012-11-09 Name : The remote Fedora host is missing a security update.
File : fedora_2012-16899.nasl - Type : ACT_GATHER_INFO
2012-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17085.nasl - Type : ACT_GATHER_INFO
2012-10-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17044.nasl - Type : ACT_GATHER_INFO
2012-10-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2566.nasl - Type : ACT_GATHER_INFO
2012-10-29 Name : The remote mail server is potentially affected by a buffer overflow vulnerabi...
File : exim_4_80_1.nasl - Type : ACT_GATHER_INFO
2012-10-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b0f3ab1f1f3b11e28fe90022156e8794.nasl - Type : ACT_GATHER_INFO
2012-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1618-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:00:59
  • Multiple Updates