Message-ID: <FB24803D1DF2A34FA59FC157B77C970503C8B2D7@idserv04.idef.com>
From: customerservice at idefense.com (customer service mailbox)
Subject: iDEFENSE Security Advisory 01.14.05: Exim
	dns_buld_reverse() Buffer Overflow Vulnerability

There has been some confusion over the CVE numbers issued for three
recently released Exim security vulnerabilities. In discussions with
both Mitre and the Exim maintainers, a decision has been made to issue
the following CVE numbers for these vulnerabilities:

Exim dns_buld_reverse() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=183&type=vulnerabilities
CAN-2005-0021

Exim host_aton() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=179&type=vulnerabilities
CAN-2005-0021

Exim auth_spa_server() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities
CAN-2005-0022

The determination was made by Mitre to combine the dns_buld_reverse()
and host_aton() into a single CVE number due to the fact that they are both
buffer overflows addressed by the same patch.

>> /usr/bin/exim -bh ::%A`perl -e 'print pack('L',0xdeadbeef') x 256'`

>That one is syntactically invalid, and neither of the obvious fixes
>does result in a crash on Debian sid. exim 4.34-9, dated 2004-12-08,
>correctly complains that it is unable to parse the parameter as an
>IPv6 address and exits with an exit code of 1. The same happens with a
>locally built 4.41 without Debian patches.

Marc - I appreciate your bringing this to our attention. You are correct
that the code was syntactically invalid. We have updated the advisory
with the following code:

   /path/to/exim-binary -bh ::%A:::::::::::::::::`perl -e 'print pack("L",0xdeadbeef) x 256'`

Lastly, the wording of the Vendor Response section has been updated to
clarify the correct vendor fix for this issue.

   "The vulnerability has been fixed in Exim release 4.44."

The public advisories on the iDEFENSE web site have been updated to
reflect these changes.

My apologies for the confusion.

Regards,

Michael Sutton
Director, iDEFENSE Labs

