Mailing List Archive

Re: [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow

** Exim 4.92.3 released (security release) **

CVE ID:     CVE-2019-16928
Date:       2019-09-27 (CVE assigned)
Version(s): from 4.92 up to and including 4.92.2
Reporter:   QAX-A-TEAM
Reference:  bugs.exim.org/show_bug.cgi?id=2449
Issue:      Heap-based buffer overflow in string_vformat,
            remote code execution seems to be possible

Conditions to be vulnerable
===========================

All versions from (and including) 4.92 up to (and including) 4.92.2 are
vulnerable.

Details
=======

There is a heap-based buffer overflow in string_vformat (string.c).
The currently known exploit uses an extraordinarily long EHLO string to
crash the Exim process that is receiving the message. While at this mode
of operation Exim already dropped its privileges, other paths to reach
the vulnerable code may exist.

Mitigation
==========

There is - besides updating the server - no known mitigation.

Fix
===

Download and build the fixed version 4.92.3

    Tarballs: ftp.exim.org/pub/exim/exim4/
    Git:      github.com/Exim/exim.git (mirror)
              git://git.exim.org/exim.git
              - tag    exim-4.92.3
              - branch exim-4.92.3+fixes

The tagged commit is the officially released version. The +fixes branch
isn't officially maintained, but contains the security fix *and* useful
fixes.

The tarballs, the Git tag, and the Git commits are signed with my GPG
key (same as I used to sign this mail.)

If you can't install the above versions, ask your package maintainer for
a version containing the backported fix. On request and depending on our
resources we will support you in backporting the fix. (Please note, the
Exim project officially doesn't support versions prior to the current
stable version.)

Timeline
========

- 2019-09-27 Report as Bug 2499
- 2019-09-28 Announcement to exim-maintainers, oss-security
- 2019-09-28 Release 4.92.3, Release-Announcements to
             exim-{announce,users,maintainers}, oss-security
--
## List details at https://lists.exim.org/mailman/listinfo/exim-announce Exim details at http://www.exim.org/ ##
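
A local check against the affected range stated in the advisory above, as an added example that is not part of the original message or of the Exim project's code. The function names, status words and sample lines are assumptions constructed for illustration. The check compares only the upstream version string, so a distribution package carrying a backported fix still reports as in range and has to be confirmed with the package maintainer.

```shell
#!/bin/sh
# Added example: classify an Exim version against the range given in the
# advisory (4.92 up to and including 4.92.2 affected, 4.92.3 fixed).

# Pull the upstream version out of the first line of `exim -bV` output
# ("Exim version 4.92.2 #3 built ..."), or accept a bare version string.
exim_upstream_version() {
    printf '%s\n' "$1" |
        sed -n '1{s/^Exim version //;s/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p;}'
}

# Prints one of: affected-range, outside-range, unknown.
exim_cve_2019_16928_status() {
    cve_ver=$(exim_upstream_version "$1")
    if [ -z "$cve_ver" ]; then
        echo unknown
        return 0
    fi
    # Split on dots; a missing patch level ("4.92") counts as patch 0.
    cve_old_ifs=$IFS
    IFS=.
    set -- $cve_ver
    IFS=$cve_old_ifs
    cve_major=${1:-0}
    cve_minor=${2:-0}
    cve_patch=${3:-0}
    if [ "$cve_major" -eq 4 ] && [ "$cve_minor" -eq 92 ] && [ "$cve_patch" -le 2 ]; then
        echo affected-range
    else
        echo outside-range
    fi
}

# Constructed sample inputs (not taken from any real host).
# On a live system: exim_cve_2019_16928_status "$(exim -bV 2>/dev/null)"
for sample in \
    "Exim version 4.92 #5 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.2 #3 built 10-Sep-2019 12:00:00" \
    "Exim version 4.92.3 #1 built 28-Sep-2019 09:00:00" \
    "4.91" \
    "no version here"
do
    printf '%-55s %s\n' "$sample" "$(exim_cve_2019_16928_status "$sample")"
done
```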