Remote Exim Exploit In the Wild
An anonymous reader sends word of a remote exploit in the wild against the Exim mail agent. The news comes from the Exim mailing list, where a user posted that his Exim install had been hacked via a remote exploit that gave the attacker the privileges of the mailnull user, which can lead to other possible attacks. A note up at the Internet Storm Center reminds Exim users how to set it up to run in unprivileged mode, and a commenter includes recompile instructions for Debian Exim for added safety. The security press hasn't picked up on this story so far.
http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html
"Paul Fisher and I have successfully run the exploit against a copy of
Exim running in a debugger on debian lenny, and we believe it utilizes
this bug:
http://bugs.exim.org/show_bug.cgi?id=787
It was fixed in 4.70, but not in the version currently in debian
stable.
James E. Blair
UC Berkeley"
It is to the four people who actually succeeded at getting exim to run.
Caveat Utilitor
Debian released patches this morning for it.
exim4 (4.69-9+lenny1) stable-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Fix SMTP file descriptors being leaked to processes invoked with ${run...}
  * Fix memory corruption issue in string_format(). CVE-2010-4344
  * Fix potential memory pool corruption issue in internal_lsearch_find().
 -- Stefan Fritsch Fri, 10 Dec 2010 13:25:07 +0100
I don't really get all the hate for Exim. I've been using it exclusively on mail servers for about 10 years, and I've never had a problem. I do remember going through a lot of reading and learning (and sometimes experimenting) the first few times I set it up (and of course when implementing a major feature change). But, for me, the task was less daunting than the alternatives. I don't really remember whether postfix was one of those alternatives I explored at the time, but now that I'm familiar with Exim, I see no reason to change.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Bet you never thought you'd read that in response to a security announcement. :)