[exim] SECURITY: OpenSSL advisory's impact on Exim

Top Page

Reply to this message
Author: Phil Pennock
To: Exim Users
Subject: [exim] SECURITY: OpenSSL advisory's impact on Exim
Today, OpenSSL issued a security advisory:

OpenSSL is one of the two available implementations of the TLS protocol
in Exim. The other is GnuTLS. In the output of { exim -bV } is a line
"Support for:"; if it does not include "OpenSSL" then you are not

The OpenSSL advisory covers two issues:
(1) CVE-2011-3207: CRL validation with expired CRLs
(2) CVE-2011-3210: TLS ephemeral ECDH crashes

For those with lawyers:
As always, the safest possible action is to upgrade OpenSSL and,
depending upon your paranoia level, rebuild Exim against it. Nothing in
this email should discourage you from doing so and I accept no liability
for anyone failing to update and subsequently being exposed. This email
offers my analysis of what the impact is and who should prioritise an
upgrade. If you are triaging this incident, this email may assist in
understanding the impact. I may be wrong. Use your own best judgement.

Problem 2 only applies to threaded OpenSSL, but applies to more
versions. Exim does not use threaded OpenSSL, so there should be no
crash problem. There should not be a need to take action for this point

Problem 1 may affect some Exim users. I believe it to be a minority,
but those sites which are affected will typically be larger

If you are using OpenSSL 1.0.0 through 1.0.0d and:
 (a) if you are using SSL client certificates to validate people
     connecting to Exim to send email, then you may be exposed.
 (b) if you are running those versions and have agreed to verify the
     identity of a remote MTA to which Exim delivers email, then you may
     be exposed.

You can run { exim -d -bV } (most portably) to get information about
Exim and the major libraries it was linked with; this will tell you
version of OpenSSL you are currently using (and which was the version
you built Exim against).

(a) If you issue SSL client certificates for authenticating client
identity, rather than passwords or Kerberos, then the part of the
OpenSSL library which validates the revocation lists is affected; I have
no details beyond the advisory with which to assess the extent of the
exposure of even if Exim uses the relevant code.

(b) When an MTA acts as a client of TLS, then this is for delivery to
MX; there is no defined identity to use for verifying the remote site's
claimed identity in a certificate, therefore by default all SSL/TLS
between MTAs is subject to Man-in-the-Middle attack. Administrators may
choose, by agreement between themselves, that they will verify the
identity of certain remote sites, using manually defined identities.
This is somewhat unusual. But if you have done so, then you may be
exposed by the CRL validation failures.

As far as I can tell from reading the advisory, updating OpenSSL itself
is all that is needed and there is no direct need to recompile Exim
afterwards. If you jumped multiple versions of OpenSSL, then there may
be ABI breakage, which would suggest that recompiling is the safer
course of action.