Summary
-------
Six 0day exploits were filed against Exim.
None of these issues is related to transport security (TLS) being
on or off.
* 3 of them are related to SPA/NTLM, and EXTERNAL auth. If you do not use
  SPA/NTLM, or EXTERNAL authentication, you're not affected.
  These issues are fixed.
* One issue is related to data received from a proxy-protocol proxy. If
  you do not use a proxy in front of Exim, you're not affected. If your
  proxy is trustworthy, you're not affected. We're working on a fix.
* One is related to libspf2. If you do not use the `spf` lookup type
  or the `spf` ACL condition, you are not affected.
* The last one is related to DNS lookups. If you use a trustworthy
  resolver (which does validation of the data it receives), you're
  not affected. We're working on a fix.
Schedule
--------
Currently we're in contact with the major distros and aim to release
those fixes that are available as soon as possible. (Aiming for Monday,
Oct 2nd.)
More Details
------------
ZDI-23-1468 | ZDI-CAN-17433 | CVE-2023-42114 | Exim bug 3001
------------------------------------------------------------
Subject: NTLM Challenge Out-Of-Bounds Read
CVSS Score: 3.7
Mitigation: Do not use SPA (NTLM) authentication
Subsystem: SPA auth
Fixed: 04107e98d, 4.96.1, 4.97
ZDI-23-1469 | ZDI-CAN-17434 | CVE-2023-42115 | Exim bug 2999
------------------------------------------------------------
Subject: AUTH Out-Of-Bounds Write
CVSS Score: 9.8
Mitigation: Do not offer EXTERNAL authentication.
Subsystem: EXTERNAL auth
Fixed: 7bb5bc2c6, 4.96.1, 4.97
ZDI-23-1470 | ZDI-CAN-17515 | CVE-2023-42116 | Exim bug 3000
------------------------------------------------------------
Subject: SMTP Challenge Stack-based Buffer Overflow
CVSS Score: 8.1
Mitigation: Do not use SPA (NTLM) authentication
Subsystem: SPA auth
Fixed: e17b8b0f1, 4.96.1, 4.97
ZDI-23-1471 | ZDI-CAN-17554 | CVE-2023-42117 | Exim Bug 3031
-------------------------------------------------------------
Subject: Improper Neutralization of Special Elements
CVSS Score: 8.1
Mitigation: Do not use Exim behind an untrusted proxy-protocol proxy
Subsystem: proxy protocol (not socks!)
Fix: not yet
ZDI-23-1472 | ZDI-CAN-17578 | CVE-2023-42118 | Exim Bug 3032
------------------------------------------------------------
Subject: libspf2 Integer Underflow
CVSS Score: 7.5
Mitigation: Do not use the `spf` condition in your ACL
Subsystem: spf
Remark: It is debatable if this should be filed against libspf2.
ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033
------------------------------------------------------------
Subject: dnsdb Out-Of-Bounds Read
CVSS Score: 3.1
Mitigation: Use a trustworthy DNS resolver which is able to
            validate the data according to the DNS record types.
Subsystem: dns lookups
Fix: not yet
Remark: It is still under consideration.
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
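
To check which of the issues listed above apply to a given installation, the following added example (not part of the original message and not Exim project code) scans an Exim configuration for the affected features. The CVE ids and subsystems are taken from the advisory; the regular expressions and the sample configuration are constructed assumptions about typical configuration syntax.

```python
import re

# CVE ids and subsystems come from the advisory. The regexes are this
# example's assumptions about how each feature appears in an Exim config.
CHECKS = [
    ("CVE-2023-42114, CVE-2023-42116", "SPA (NTLM) authenticator",
     re.compile(r"^\s*driver\s*=\s*spa\s*$")),
    ("CVE-2023-42115", "EXTERNAL authenticator",
     re.compile(r"^\s*driver\s*=\s*external\s*$")),
    ("CVE-2023-42117", "proxy protocol enabled via hosts_proxy",
     re.compile(r"^\s*hosts_proxy\s*=\s*\S")),
    ("CVE-2023-42118", "spf ACL condition or spf lookup",
     re.compile(r"\bspf(_guess)?\s*(=|\{)")),
    ("CVE-2023-42219", "dnsdb lookup",
     re.compile(r"\bdnsdb\b")),
]

def exposed_features(config_text):
    """Return (cve_ids, feature, line_number) for each affected feature in use."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # Exim comments occupy whole lines
            continue
        for cve_ids, feature, pattern in CHECKS:
            if pattern.search(line):
                findings.append((cve_ids, feature, number))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONFIG = """\
# constructed sample
hosts_proxy = 192.0.2.10
# driver = external
begin acl
acl_check_rcpt:
  deny  spf = fail
        message = SPF check failed: $spf_result
  accept
begin authenticators
ntlm_server:
  driver = spa
  public_name = NTLM
plain_server:
  driver = plaintext
"""

if __name__ == "__main__":
    for cve_ids, feature, number in exposed_features(SAMPLE_CONFIG):
        print(f"line {number}: {feature} -> review {cve_ids}")
```

Included files and macros are not followed, so run it over the fully resolved configuration (for example the output of `exim -bP config`). A match means the feature is configured, not that the host is exploitable; the mitigations listed per CVE above still decide exposure.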