--------------------------------------------------------------------------
Debian Security Advisory DSA 376-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
September 4th, 2003                      Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : exim exim-tls
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0743

A buffer overflow exists in exim, which is the standard mail transport
agent in Debian.  By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap.  This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
exim version 3.35-1woody1 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid) this problem has been fixed in
exim version 3.36-8.  The unstable distribution does not contain an
exim-tls package.

We recommend that you update your exim or exim-tls package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:      661 34a7faf2980c66aab318512a36a2c656
      
      Size/MD5 checksum:    79296 0839fd89bd648ee5828e55afe6ce3628
      
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a
      
      Size/MD5 checksum:      677 efc414eda2eaf3b739c0ff1d0ce1ce08
      
      Size/MD5 checksum:    79663 3b0ffcb9a0c4662ba908f622e6bc6923
      
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a

  Alpha architecture:

      
      Size/MD5 checksum:   872528 0c6303e4ab06e4aef0b65e8be9dd6dea
      
      Size/MD5 checksum:    52316 ebc1ae6e92ebd810a4ffd3f7369995f9
      
      Size/MD5 checksum:   873212 19bba89ff92748d38fc68a667474ed35

  ARM architecture:

      
      Size/MD5 checksum:   785544 2bd24816a3290cdaa2bdcd52893f738c
      
      Size/MD5 checksum:    43522 d368467b3e01b7525b06d810ddee91de
      
      Size/MD5 checksum:   783822 4a14319839d9f01dd2be37e047fd6d66

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   758810 d562e8c0093c8fd1eac2a4b6756b2c74
      
      Size/MD5 checksum:    39204 eb5b733cbab82e3613368b117c7ccba8
      
      Size/MD5 checksum:   759152 ad293a317eb4ee7bccffff05a425156e

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   972460 490ba5d8e041b14de7bab91d25cd8e84
      
      Size/MD5 checksum:    65172 151a1cac77506fe862a1d7bd6e800ef4
      
      Size/MD5 checksum:   973764 ee164461e235691d1ebbd5499535bb23

  HP Precision architecture:

      
      Size/MD5 checksum:   814904 e6865edc611c89d9846aabb61fd0a8f6
      
      Size/MD5 checksum:    48278 d0a74247177785fc79511b03e855c247
      
      Size/MD5 checksum:   813986 5b98643ddca3a563c0f35702533abec7

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   737612 cdc5648c0a2f0785d9a31f8bed6225cc
      
      Size/MD5 checksum:    37762 138c8847fc4586c4fbabe0358427b752
      
      Size/MD5 checksum:   736502 387d9a32b505ec7f3e8cedad5390095a

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   824132 16515eef87fbea27dd0269bbfd82b804
      
      Size/MD5 checksum:    48868 b54faf31be830fc6d88ca91fd92aec15
      
      Size/MD5 checksum:   824072 068d46cc7be1f70e369795eed39a5e2c

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   824350 1e4beb825601c1d6034ed1236a1ddae0
      
      Size/MD5 checksum:    48770 ae84a1825f88b5e12ed94a4050bac66c
      
      Size/MD5 checksum:   824764 dc94f41f414b487a5fb242abf1691c71

  PowerPC architecture:

      
      Size/MD5 checksum:   793734 8751038ff5bc501e701568180cf918df
      
      Size/MD5 checksum:    44782 a295cd17f3d6f97d5f41a149c4aafe76
      
      Size/MD5 checksum:   792296 a8e7e8d5c05ad550d02ebed47ec98ee8

  IBM S/390 architecture:

      
      Size/MD5 checksum:   779618 0f914e0637333149eac25dfb72e1626a
      
      Size/MD5 checksum:    43928 f88d92626105590087361b2d8042c3f7
      
      Size/MD5 checksum:   778952 a1f2ada573819be4637929c3763a6193

  Sun Sparc architecture:

      
      Size/MD5 checksum:   784920 0309da1ad933034ebcec4c44e6bad64a
      
      Size/MD5 checksum:    42440 d26369a10e324da946baa8d17f401c1c
      
      Size/MD5 checksum:   782482 4ae58125f8e4daea23660df37e867c14

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: 'exim' buffer overflow

September 5, 2003
A buffer overflow exists in exim, which is the standard mail transportagent in Debian

Summary

A buffer overflow exists in exim, which is the standard mail transport
agent in Debian. By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap. This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
exim version 3.35-1woody1 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid) this problem has been fixed in
exim version 3.36-8. The unstable distribution does not contain an
exim-tls package.

We recommend that you update your exim or exim-tls package.

Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:


Size/MD5 checksum: 661 34a7faf2980c66aab318512a36a2c656

Size/MD5 checksum: 79296 0839fd89bd648ee5828e55afe6ce3628

Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a

Size/MD5 checksum: 677 efc414eda2eaf3b739c0ff1d0ce1ce08

Size/MD5 checksum: 79663 3b0ffcb9a0c4662ba908f622e6bc6923

Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a

Alpha architecture:


Size/MD5 checksum: 872528 0c6303e4ab06e4aef0b65e8be9dd6dea

Size/MD5 checksum: 52316 ebc1ae6e92ebd810a4ffd3f7369995f9

Size/MD5 checksum: 873212 19bba89ff92748d38fc68a667474ed35

ARM architecture:


Size/MD5 checksum: 785544 2bd24816a3290cdaa2bdcd52893f738c

Size/MD5 checksum: 43522 d368467b3e01b7525b06d810ddee91de

Size/MD5 checksum: 783822 4a14319839d9f01dd2be37e047fd6d66

Intel IA-32 architecture:


Size/MD5 checksum: 758810 d562e8c0093c8fd1eac2a4b6756b2c74

Size/MD5 checksum: 39204 eb5b733cbab82e3613368b117c7ccba8

Size/MD5 checksum: 759152 ad293a317eb4ee7bccffff05a425156e

Intel IA-64 architecture:


Size/MD5 checksum: 972460 490ba5d8e041b14de7bab91d25cd8e84

Size/MD5 checksum: 65172 151a1cac77506fe862a1d7bd6e800ef4

Size/MD5 checksum: 973764 ee164461e235691d1ebbd5499535bb23

HP Precision architecture:


Size/MD5 checksum: 814904 e6865edc611c89d9846aabb61fd0a8f6

Size/MD5 checksum: 48278 d0a74247177785fc79511b03e855c247

Size/MD5 checksum: 813986 5b98643ddca3a563c0f35702533abec7

Motorola 680x0 architecture:


Size/MD5 checksum: 737612 cdc5648c0a2f0785d9a31f8bed6225cc

Size/MD5 checksum: 37762 138c8847fc4586c4fbabe0358427b752

Size/MD5 checksum: 736502 387d9a32b505ec7f3e8cedad5390095a

Big endian MIPS architecture:


Size/MD5 checksum: 824132 16515eef87fbea27dd0269bbfd82b804

Size/MD5 checksum: 48868 b54faf31be830fc6d88ca91fd92aec15

Size/MD5 checksum: 824072 068d46cc7be1f70e369795eed39a5e2c

Little endian MIPS architecture:


Size/MD5 checksum: 824350 1e4beb825601c1d6034ed1236a1ddae0

Size/MD5 checksum: 48770 ae84a1825f88b5e12ed94a4050bac66c

Size/MD5 checksum: 824764 dc94f41f414b487a5fb242abf1691c71

PowerPC architecture:


Size/MD5 checksum: 793734 8751038ff5bc501e701568180cf918df

Size/MD5 checksum: 44782 a295cd17f3d6f97d5f41a149c4aafe76

Size/MD5 checksum: 792296 a8e7e8d5c05ad550d02ebed47ec98ee8

IBM S/390 architecture:


Size/MD5 checksum: 779618 0f914e0637333149eac25dfb72e1626a

Size/MD5 checksum: 43928 f88d92626105590087361b2d8042c3f7

Size/MD5 checksum: 778952 a1f2ada573819be4637929c3763a6193

Sun Sparc architecture:


Size/MD5 checksum: 784920 0309da1ad933034ebcec4c44e6bad64a

Size/MD5 checksum: 42440 d26369a10e324da946baa8d17f401c1c

Size/MD5 checksum: 782482 4ae58125f8e4daea23660df37e867c14

These files will probably be moved into the stable distribution on
its next revision.

Severity
Package : exim exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0743

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved