oss-sec mailing list archives
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Fri, 6 Sep 2019 12:20:39 +0200
CVE ID: CVE-2019-15846
Credits: Zerons <sironhide0null () gmail com>, Qualys
Version(s): all versions up to and including 4.92.1
Issue: The SMTP Delivery process in all¹ versions up to and
including Exim 4.92.1 has a Buffer Overflow. In the default
runtime configuration, this is exploitable with crafted Server
Name Indication (SNI) data during a TLS negotiation. In other
configurations, it is exploitable with a crafted client TLS certificate.
Details: doc/doc-txt/cve-2019-15846 in the downloaded source tree
Coordinated Release Date (CRD) for Exim 4.92.2:
2019-09-06 10:00 UTC
Contact: security () exim org
We released Exim 4.92.2. This is a security update based on 4.92.1.
Mitigation
==========
Do not offer TLS for incomming connections (tls_advertise_hosts).
This mitigation is *not* recommended!
Downloads
=========
Starting at CRD the downloads will be available from the following
sources:
Release tarballs (exim-4.92.2):
https://ftp.exim.org/pub/exim/exim4/
The package files are signed with my GPG key.
The full Git repo:
https://git.exim.org/exim.git
https://github.com/Exim/exim [mirror of the above]
- tag exim-4.92.2
- branch exim-4.92.2+fixes
The tagged commit is the officially released version. The tag is signed
with my GPG key. The +fixes branch isn't officially maintained, but
contains useful patches *and* the security fix. The relevant commit is
signed with my GPG key. The old exim-4.92.1+fixes branch is being functionally
replaced by the new exim-4.92.2+fixes branch.
¹) We've indication, that only versions starting with 4.80 up to and
including 4.92.1 are affected.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description:
Current thread:
- CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- <Possible follow-ups>
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)