FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Exim -- remote code execution and information disclosure

Affected packages
4.70 <= exim < 4.76

Details

VuXML ID 36594c54-7be7-11e0-9838-0022156e8794
Discovery 2011-05-10
Entry 2011-05-14

The release notes for Exim 4.76 say:

Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution.

DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cause arbitrary Exim lookups (of items which can occur in lists, *not* arbitrary string expansion). This allowed for information disclosure.

Also, the impact assessment was redone shortly after the original announcement:

Further analysis revealed that the second security was more severe than I realised at the time that I wrote the announcement. The second security issue has been assigned CVE-2011-1407 and is also a remote code execution flaw. For clarity: both issues were introduced with 4.70.

References

CVE Name CVE-2011-1407
CVE Name CVE-2011-1764
Message 20110512102909.GA58484@redoubt.spodhuis.org
URL http://bugs.exim.org/show_bug.cgi?id=1106