- --------------------------------------------------------------------------
Debian Security Advisory DSA 376-2                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
September 7th, 2003                      Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : exim exim-tls
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0743

A buffer overflow exists in exim, which is the standard mail transport
agent in Debian.  By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap.  This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.

The exim package included in the previous advisory contained some
documentation files which were installed with incorrect permissions.
This problem is fixed in exim 3.35-1woody2.

For the stable distribution (woody) this problem has been fixed in
exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid) this problem has been fixed in
exim version 3.36-8.  The unstable distribution does not contain an
exim-tls package.

We recommend that you update your exim or exim-tls package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      661 26b678a3008cfc4137828ed87854a68b
      
      Size/MD5 checksum:    79356 4fbc522328ef3457849392aa962ee158
      
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a
      
      Size/MD5 checksum:      677 efc414eda2eaf3b739c0ff1d0ce1ce08
      
      Size/MD5 checksum:    79663 3b0ffcb9a0c4662ba908f622e6bc6923
      
      Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a

  Alpha architecture:

      
      Size/MD5 checksum:   872552 63ce5094ddee06b513ff435e0ee0f1a1
      
      Size/MD5 checksum:    52316 35227547daebb787fa6ad8a4c7b7de4d
      
      Size/MD5 checksum:   873212 19bba89ff92748d38fc68a667474ed35

  ARM architecture:

      
      Size/MD5 checksum:   785618 c1892595d4ac8b0dd3e7ce9b26a088bf
      
      Size/MD5 checksum:    43510 ee93deb829c75498646888e96efe79dc
      
      Size/MD5 checksum:   783822 4a14319839d9f01dd2be37e047fd6d66

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   758888 1a754baf670f98a0588cdf0f25faf52f
      
      Size/MD5 checksum:    39204 0a1f04494167f1c9a8d2f4a1fc7409c6
      
      Size/MD5 checksum:   759152 ad293a317eb4ee7bccffff05a425156e

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   972522 c092722374ddcaf685ffa76dc5d8b9a1
      
      Size/MD5 checksum:    65168 28329a2b344088598566c6b6a6e8a10a
      
      Size/MD5 checksum:   973764 ee164461e235691d1ebbd5499535bb23

  HP Precision architecture:

      
      Size/MD5 checksum:   814974 5aeed1d898554bde0ddeb65e05172229
      
      Size/MD5 checksum:    48282 4df870c3013b57437157b4796285ca08
      
      Size/MD5 checksum:   813986 5b98643ddca3a563c0f35702533abec7

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   737684 f03d8c7db3d1829563359cb4801834c4
      
      Size/MD5 checksum:    37766 8c717d391f22e15369bedb58c84b0b2b
      
      Size/MD5 checksum:   736502 387d9a32b505ec7f3e8cedad5390095a

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   824182 057be740675f12ddede719b5e153c856
      
      Size/MD5 checksum:    48878 9ad962d4376d745d01647d3ff8d84455
      
      Size/MD5 checksum:   824072 068d46cc7be1f70e369795eed39a5e2c

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   824412 a3bdb11188295320929fafe50062d6f5
      
      Size/MD5 checksum:    48772 e071d683f83aab5ac7712f4409a92d2e
      
      Size/MD5 checksum:   824764 dc94f41f414b487a5fb242abf1691c71

  PowerPC architecture:

      
      Size/MD5 checksum:   793784 5f8b069857c23ad7d8ce8840ac38748f
      
      Size/MD5 checksum:    44786 9a7d8556f44fb9995f1928e5625161fa
      
      Size/MD5 checksum:   792296 a8e7e8d5c05ad550d02ebed47ec98ee8

  IBM S/390 architecture:

      
      Size/MD5 checksum:   779680 a4196fb3142aa9baaa6ac7b18a7ff812
      
      Size/MD5 checksum:    43926 954cd43dcfec0f95922e5b354cad94d5
      
      Size/MD5 checksum:   778952 a1f2ada573819be4637929c3763a6193

  Sun Sparc architecture:

      
      Size/MD5 checksum:   784988 e19c2e5ef5c5d8d52ec9e977eefd9380
      
      Size/MD5 checksum:    42434 6e0dcc3ae42401f938ea132a7fbe75e5
      
      Size/MD5 checksum:   782482 4ae58125f8e4daea23660df37e867c14

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: exim buffer overflow vulnerability

September 8, 2003
A buffer overflow exists in exim.

Summary

A buffer overflow exists in exim, which is the standard mail transport
agent in Debian. By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap. This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.

The exim package included in the previous advisory contained some
documentation files which were installed with incorrect permissions.
This problem is fixed in exim 3.35-1woody2.

For the stable distribution (woody) this problem has been fixed in
exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

For the unstable distribution (sid) this problem has been fixed in
exim version 3.36-8. The unstable distribution does not contain an
exim-tls package.

We recommend that you update your exim or exim-tls package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 661 26b678a3008cfc4137828ed87854a68b

Size/MD5 checksum: 79356 4fbc522328ef3457849392aa962ee158

Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a

Size/MD5 checksum: 677 efc414eda2eaf3b739c0ff1d0ce1ce08

Size/MD5 checksum: 79663 3b0ffcb9a0c4662ba908f622e6bc6923

Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a

Alpha architecture:


Size/MD5 checksum: 872552 63ce5094ddee06b513ff435e0ee0f1a1

Size/MD5 checksum: 52316 35227547daebb787fa6ad8a4c7b7de4d

Size/MD5 checksum: 873212 19bba89ff92748d38fc68a667474ed35

ARM architecture:


Size/MD5 checksum: 785618 c1892595d4ac8b0dd3e7ce9b26a088bf

Size/MD5 checksum: 43510 ee93deb829c75498646888e96efe79dc

Size/MD5 checksum: 783822 4a14319839d9f01dd2be37e047fd6d66

Intel IA-32 architecture:


Size/MD5 checksum: 758888 1a754baf670f98a0588cdf0f25faf52f

Size/MD5 checksum: 39204 0a1f04494167f1c9a8d2f4a1fc7409c6

Size/MD5 checksum: 759152 ad293a317eb4ee7bccffff05a425156e

Intel IA-64 architecture:


Size/MD5 checksum: 972522 c092722374ddcaf685ffa76dc5d8b9a1

Size/MD5 checksum: 65168 28329a2b344088598566c6b6a6e8a10a

Size/MD5 checksum: 973764 ee164461e235691d1ebbd5499535bb23

HP Precision architecture:


Size/MD5 checksum: 814974 5aeed1d898554bde0ddeb65e05172229

Size/MD5 checksum: 48282 4df870c3013b57437157b4796285ca08

Size/MD5 checksum: 813986 5b98643ddca3a563c0f35702533abec7

Motorola 680x0 architecture:


Size/MD5 checksum: 737684 f03d8c7db3d1829563359cb4801834c4

Size/MD5 checksum: 37766 8c717d391f22e15369bedb58c84b0b2b

Size/MD5 checksum: 736502 387d9a32b505ec7f3e8cedad5390095a

Big endian MIPS architecture:


Size/MD5 checksum: 824182 057be740675f12ddede719b5e153c856

Size/MD5 checksum: 48878 9ad962d4376d745d01647d3ff8d84455

Size/MD5 checksum: 824072 068d46cc7be1f70e369795eed39a5e2c

Little endian MIPS architecture:


Size/MD5 checksum: 824412 a3bdb11188295320929fafe50062d6f5

Size/MD5 checksum: 48772 e071d683f83aab5ac7712f4409a92d2e

Size/MD5 checksum: 824764 dc94f41f414b487a5fb242abf1691c71

PowerPC architecture:


Size/MD5 checksum: 793784 5f8b069857c23ad7d8ce8840ac38748f

Size/MD5 checksum: 44786 9a7d8556f44fb9995f1928e5625161fa

Size/MD5 checksum: 792296 a8e7e8d5c05ad550d02ebed47ec98ee8

IBM S/390 architecture:


Size/MD5 checksum: 779680 a4196fb3142aa9baaa6ac7b18a7ff812

Size/MD5 checksum: 43926 954cd43dcfec0f95922e5b354cad94d5

Size/MD5 checksum: 778952 a1f2ada573819be4637929c3763a6193

Sun Sparc architecture:


Size/MD5 checksum: 784988 e19c2e5ef5c5d8d52ec9e977eefd9380

Size/MD5 checksum: 42434 6e0dcc3ae42401f938ea132a7fbe75e5

Size/MD5 checksum: 782482 4ae58125f8e4daea23660df37e867c14

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



Severity
Package : exim exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0743

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved