USN-1060-1: Exim vulnerabilities

10 February 2011

exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Software Description

  • exim4

Details

It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the “Debian-exim” user could use an alternate configuration file to obtain root privileges. (CVE-2010-4345)

It was discovered that Exim incorrectly handled certain return values when handling logging. An attacker that obtained privileges of the “Debian-exim” user could use this flaw to obtain root privileges. (CVE-2011-0017)

Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2023)

Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2024)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
exim4-daemon-custom - 4.72-1ubuntu1.1
exim4-daemon-heavy - 4.72-1ubuntu1.1
exim4-daemon-light - 4.72-1ubuntu1.1
Ubuntu 10.04 LTS
exim4-daemon-custom - 4.71-3ubuntu1.1
exim4-daemon-heavy - 4.71-3ubuntu1.1
exim4-daemon-light - 4.71-3ubuntu1.1
Ubuntu 9.10
exim4-daemon-custom - 4.69-11ubuntu4.2
exim4-daemon-heavy - 4.69-11ubuntu4.2
exim4-daemon-light - 4.69-11ubuntu4.2
Ubuntu 8.04 LTS
exim4-daemon-custom - 4.69-2ubuntu0.3
exim4-daemon-heavy - 4.69-2ubuntu0.3
exim4-daemon-light - 4.69-2ubuntu0.3
Ubuntu 6.06 LTS
exim4-daemon-custom - 4.60-3ubuntu3.3
exim4-daemon-heavy - 4.60-3ubuntu3.3
exim4-daemon-light - 4.60-3ubuntu3.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

ATTENTION: This security update brings changes to Exim’s behaviour. Please review the following information carefully, as your Exim configuration may need to be adjusted after applying this update.

Exim no longer runs alternate configuration files specified with the -C option as root. The new /etc/exim4/trusted_configs file can be used to override this new behaviour. Files listed in trusted_configs and owned by root will be run with root privileges when using the -C option.

In addition, Exim no longer runs as root when the -D option is used. Macro definitions that require root privileges should now be placed in trusted configuration files.

Please see the /usr/share/doc/exim4-*/NEWS.Debian file for detailed information.

References