Full Disclosure mailing list archives

iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability


From: "customer service mailbox" <customerservice () idefense com>
Date: Wed, 19 Jan 2005 11:12:00 -0500

There has been some confusion over the CVE numbers issued for three
recently released Exim security vulnerabilities. In discussions with
both Mitre and the Exim maintainers, a decision has been made to issue
the following CVE numbers for these vulnerabilities:

Exim dns_buld_reverse() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=183&type=vulnerabilities
CAN-2005-0021

Exim host_aton() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=179&type=vulnerabilities
CAN-2005-0021

Exim auth_spa_server() Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities
CAN-2005-0022

The determination was made by Mitre to combine the dns_buld_reverse()
and host_aton() issues into a single CVE number due to the fact that they
are both buffer overflows addressed by the same patch.

/usr/bin/exim -bh ::%A`perl -e 'print pack('L',0xdeadbeef') x 256'`

That one is syntactically invalid, and neither of the obvious fixes
results in a crash on Debian sid. exim 4.34-9, dated 2004-12-08,
correctly complains that it is unable to parse the parameter as an
IPv6 address and exits with an exit code of 1. The same happens with a
locally built 4.41 without Debian patches.

Marc - I appreciate your bringing this to our attention. You are correct
that the code was syntactically invalid. We have updated the advisory
with the following code:

   /path/to/exim-binary -bh ::%A:::::::::::::::::`perl -e 'print pack("L",0xdeadbeef) x 256'`

Lastly, the wording of the Vendor Response section has been updated to
clarify the correct vendor fix for this issue.

   "The vulnerability has been fixed in Exim release 4.44."

The public advisories on the iDEFENSE web site have been updated to
reflect these changes.

My apologies for the confusion.

Regards,

Michael Sutton
Director, iDEFENSE Labs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
