USN-1060-1: Exim vulnerabilities

Releases

• Ubuntu 10.10
• Ubuntu 10.04
• Ubuntu 9.10
• Ubuntu 8.04
• Ubuntu 6.06

Packages

• exim4 -

Details

It was discovered that Exim contained a design flaw in the way it processed
alternate configuration files. An attacker that obtained privileges of the
"Debian-exim" user could use an alternate configuration file to obtain
root privileges. (CVE-2010-4345)

It was discovered that Exim incorrectly handled certain return values when
handling logging. An attacker that obtained privileges of the "Debian-exim"
user could use this flaw to obtain root privileges. (CVE-2011-0017)

Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit
mail directories. If Exim were configured in this manner, a local user
could use this flaw to cause a denial of service or possibly gain
privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10,
and 10.04 LTS. (CVE-2010-2023)

Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If
Exim were configured in this manner, a local user could use this flaw to
cause a denial of service or possibly gain privileges. This issue only
applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2024)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10

• exim4-daemon-heavy - 4.69-11ubuntu4.2
• exim4-daemon-custom - 4.69-11ubuntu4.2
• exim4-daemon-light - 4.69-11ubuntu4.2

Ubuntu 8.04

• exim4-daemon-heavy - 4.69-2ubuntu0.3
• exim4-daemon-custom - 4.69-2ubuntu0.3
• exim4-daemon-light - 4.69-2ubuntu0.3

Ubuntu 6.06

• exim4-daemon-heavy - 4.60-3ubuntu3.3
• exim4-daemon-custom - 4.60-3ubuntu3.3
• exim4-daemon-light - 4.60-3ubuntu3.3

Ubuntu 10.10

• exim4-daemon-heavy - 4.72-1ubuntu1.1
• exim4-daemon-custom - 4.72-1ubuntu1.1
• exim4-daemon-light - 4.72-1ubuntu1.1

Ubuntu 10.04

• exim4-daemon-heavy - 4.71-3ubuntu1.1
• exim4-daemon-custom - 4.71-3ubuntu1.1
• exim4-daemon-light - 4.71-3ubuntu1.1

In general, a standard system update will make all the necessary changes.

ATTENTION: This security update brings changes to Exim's behaviour. Please
review the following information carefully, as your Exim configuration may
need to be adjusted after applying this update.

Exim no longer runs alternate configuration files specified with the -C
option as root. The new /etc/exim4/trusted_configs file can be used to
override this new behaviour. Files listed in trusted_configs and owned by
root will be run with root privileges when using the -C option.

In addition, Exim no longer runs as root when the -D option is used. Macro
definitions that require root privileges should now be placed in trusted
configuration files.

Please see the /usr/share/doc/exim4-*/NEWS.Debian file for detailed
information.

References

• CVE-2010-2023
• CVE-2010-2024
• CVE-2010-4345
• CVE-2011-0017