[exim-dev] [Bug 2835] New: [exim] CVE-2018-6789 Exim 4.90 an…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: admin
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] [Bug 2835] New: [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

            Bug ID: 2835
           Summary: [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer
                    overflo
           Product: Exim
           Version: 4.94
          Hardware: x86
                OS: Windows
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Exipick
          Assignee: unallocated@???
          Reporter: lexenluis@???
                CC: exim-dev@???


There is a buffer overflow in an utility function, if some pre-conditions
are met. Using a handcrafted message, remote code execution seems to be
possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known.

Next steps:

* t0:     Distros will get access to our "security" non-public git repo
          (based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo



t0 will be around 2018-02-08.

Timeline
--------

* 2018-02-05 Report from Meh Chang <meh@???> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list



Updates will follow. Here and on https://exim.org/security/CVE-2018-6789.txt
(Link will start to exist around 11.00 UTC).

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -


--
You are receiving this mail because:
You are on the CC list for the bug.