Vulnerability Bulletins
Multiple vulnerabilities in exim

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Gain access
Difficulty | Beginner
Required attacker level | Remote access, without an account, to a standard service

System information

Property | Value
Affected manufacturer | GNU/Linux
Affected software | exim 4.x, exim-tls
Description

Two vulnerabilities have been found in exim:

CAN-2005-0021 - The host_aton() function can overflow a buffer because it does not correctly handle IPv6 addresses with more than 8 components. A 128-bit IPv6 address consists of exactly eight 16-bit groups, so an address carrying extra components is written beyond the storage sized for those eight groups.

CAN-2005-0022 - There is a buffer overflow in the spa_base64_to_bits() function, which is part of SPA authentication. This vulnerability is only exploitable when that authentication type is in use, so check the Exim configuration for an authenticator using the spa driver before deciding how urgent the update is.
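The host_aton() problem described above is a missing bound on how many components a textual IPv6 address may contribute to a fixed eight-group array. The following C program is an illustration added for this bulletin, not code taken from Exim: it parses a textual address into eight 16-bit groups, checks the output index before every store, and rejects addresses with more than eight components, including the case where zero compression ("::") is combined with eight explicit groups. The function and status names (ipv6_to_words, IPV6_ERR_TOO_MANY_GROUPS and so on) are this example's own, and the sample addresses are constructed for it. The same discipline, checking remaining output capacity before each write, is what a base64 decoder such as the one in the SPA path needs.

```c
/* Bounded textual IPv6 parsing. Illustrative code written for this
 * bulletin, not Exim's host_aton(): it shows the index check that a
 * parser filling a fixed eight-group array must make before every store. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_GROUPS 8   /* a 128-bit address is exactly eight 16-bit groups */
enum ipv6_status {
    IPV6_OK = 0,
    IPV6_ERR_TOO_MANY_GROUPS = -1,  /* more components than the array holds */
    IPV6_ERR_BAD_GROUP = -2,        /* empty, over-long or non-hex group */
    IPV6_ERR_BAD_COMPRESSION = -3,  /* "::" appears more than once */
    IPV6_ERR_WRONG_COUNT = -4       /* groups do not add up to eight */
};

/* Convert 1-4 hex digits into one 16-bit group. */
static int parse_group(const char *p, size_t len, uint16_t *out)
{
    uint16_t v = 0;
    if (len == 0 || len > 4) return -1;
    for (size_t i = 0; i < len; i++) {
        char c = p[i];
        int d = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (d < 0) return -1;
        v = (uint16_t)((v << 4) | (uint16_t)d);
    }
    *out = v;
    return 0;
}

/* Parse a colon-separated group list into buf (capacity IPV6_GROUPS).
 * The bound check before each store is the guard that CAN-2005-0021
 * describes as missing: without it a ninth component lands past buf. */
static int parse_list(const char *s, size_t len, uint16_t *buf, int *count)
{
    size_t start = 0;
    *count = 0;
    if (len == 0) return IPV6_OK;               /* empty side of a "::" */
    for (size_t i = 0; i <= len; i++) {
        if (i < len && s[i] != ':') continue;
        if (*count >= IPV6_GROUPS) return IPV6_ERR_TOO_MANY_GROUPS;
        if (parse_group(s + start, i - start, &buf[*count]) != 0)
            return IPV6_ERR_BAD_GROUP;
        (*count)++;
        start = i + 1;
    }
    return IPV6_OK;
}

/* Fill out[0..7] from a textual IPv6 address, expanding a single "::". */
int ipv6_to_words(const char *text, uint16_t out[IPV6_GROUPS])
{
    uint16_t head[IPV6_GROUPS], tail[IPV6_GROUPS];
    int nhead = 0, ntail = 0, rc;
    const char *dc = strstr(text, "::");
    if (dc == NULL) {                           /* uncompressed: exactly 8 */
        rc = parse_list(text, strlen(text), head, &nhead);
        if (rc != IPV6_OK) return rc;
        if (nhead != IPV6_GROUPS) return IPV6_ERR_WRONG_COUNT;
        memcpy(out, head, sizeof head);
        return IPV6_OK;
    }
    if (strstr(dc + 2, "::") != NULL) return IPV6_ERR_BAD_COMPRESSION;
    if ((rc = parse_list(text, (size_t)(dc - text), head, &nhead)) != IPV6_OK) return rc;
    if ((rc = parse_list(dc + 2, strlen(dc + 2), tail, &ntail)) != IPV6_OK) return rc;
    /* "::" stands for at least one zero group, so head + tail <= 7. */
    if (nhead + ntail >= IPV6_GROUPS) return IPV6_ERR_WRONG_COUNT;
    memset(out, 0, IPV6_GROUPS * sizeof *out);
    memcpy(out, head, (size_t)nhead * sizeof *out);
    memcpy(out + (IPV6_GROUPS - ntail), tail, (size_t)ntail * sizeof *out);
    return IPV6_OK;
}

/* Helpers for checks: parse status, and one group of a parsed address (or -1). */
int ipv6_check(const char *text)
{
    uint16_t w[IPV6_GROUPS];
    return ipv6_to_words(text, w);
}

int ipv6_group(const char *text, int idx)
{
    uint16_t w[IPV6_GROUPS];
    if (idx < 0 || idx >= IPV6_GROUPS || ipv6_to_words(text, w) != IPV6_OK) return -1;
    return w[idx];
}

int main(void)
{
    /* Constructed inputs: a valid address, then two with too many components. */
    const char *samples[] = { "2001:db8::1", "1:2:3:4:5:6:7:8:9", "::1:2:3:4:5:6:7:8" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i], ipv6_check(samples[i]));
    return 0;
}
```

The second rejected sample is the one a naive "count the colons" check misses: "::" plus eight explicit groups is nine components in total, so the parser must account for the groups "::" expands to rather than only counting the groups it stores.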
|
Solution

Software update.

Fedora Linux

Fedora Core 2:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/exim-4.43-1.FC2.1.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/exim-4.43-1.FC2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/exim-mon-4.43-1.FC2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/exim-doc-4.43-1.FC2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/exim-sa-4.43-1.FC2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/debug/exim-debuginfo-4.43-1.FC2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/exim-4.43-1.FC2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/exim-mon-4.43-1.FC2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/exim-doc-4.43-1.FC2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/exim-sa-4.43-1.FC2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/debug/exim-debuginfo-4.43-1.FC2.1.i386.rpm

Fedora Core 3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/exim-4.43-1.FC3.1.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/exim-4.43-1.FC3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/exim-mon-4.43-1.FC3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/exim-doc-4.43-1.FC3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/exim-sa-4.43-1.FC3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/debug/exim-debuginfo-4.43-1.FC3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/exim-4.43-1.FC3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/exim-mon-4.43-1.FC3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/exim-doc-4.43-1.FC3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/exim-sa-4.43-1.FC3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/debug/exim-debuginfo-4.43-1.FC3.1.i386.rpm

Debian Linux

Debian Linux 3.0 (exim 3.35-1woody4)

Sources:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.dsc
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.diff.gz
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz

Alpha:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_alpha.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_alpha.deb

ARM:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_arm.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_arm.deb

Intel IA-32:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_i386.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_i386.deb

Intel IA-64:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_ia64.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_ia64.deb

HPPA:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_hppa.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_hppa.deb

Motorola 680x0:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_m68k.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_m68k.deb

Big endian MIPS:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mips.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mips.deb

Little endian MIPS:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mipsel.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mipsel.deb

PowerPC:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_powerpc.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_powerpc.deb

IBM S/390:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_s390.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_s390.deb

Sun Sparc:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_sparc.deb
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_sparc.deb

Debian Linux 3.0 (exim-tls 3.35-3woody3)

Source:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.dsc
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.diff.gz
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz

Alpha:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_alpha.deb

ARM:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_arm.deb

Intel IA-32:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_i386.deb

Intel IA-64:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_ia64.deb

HPPA:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_hppa.deb

Motorola 680x0:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_m68k.deb

Big endian MIPS:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mips.deb

Little endian MIPS:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mipsel.deb

PowerPC:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_powerpc.deb

IBM S/390:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_s390.deb

Sun Sparc:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_sparc.deb

SuSE Linux

SuSE Linux-based distributions: update via YaST Online Update.

Red Hat Linux

Updated packages are available through https://rhn.redhat.com/. The fixed build is exim-4.43-1.RHEL4.3; for every product the source package is exim-4.43-1.RHEL4.3.src.rpm and each architecture receives the binary packages exim, exim-doc, exim-mon and exim-sa (exim-4.43-1.RHEL4.3.<arch>.rpm, exim-doc-4.43-1.RHEL4.3.<arch>.rpm, exim-mon-4.43-1.RHEL4.3.<arch>.rpm, exim-sa-4.43-1.RHEL4.3.<arch>.rpm).

Red Hat Desktop (v. 4): IA-32 (i386), x86_64
Red Hat Enterprise Linux AS (v. 4): IA-32 (i386), IA-64 (ia64), PPC (ppc), s390, s390x, x86_64
Red Hat Enterprise Linux ES (v. 4): IA-32 (i386), IA-64 (ia64), x86_64
Red Hat Enterprise Linux WS (v. 4): IA-32 (i386), IA-64 (ia64), x86_64
|
Standard resources

Property | Value
CVE | CAN-2005-0021, CAN-2005-0022
BID |

Other resources

Secunia Advisory SA13713: http://secunia.com/advisories/13713/
Fedora Core 2 Update Notification FEDORA-2005-001: http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00015.html
Fedora Core 3 Update Notification FEDORA-2005-001: http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00016.html
Debian Security Advisory DSA-635-1: http://www.debian.org/security/2005/dsa-635
Debian Security Advisory DSA-637-1: http://www.debian.org/security/2005/dsa-637
SUSE Security Summary Report SUSE-SR:2005:002: http://www.novell.com/linux/security/advisories/2005_02_sr.html
Red Hat Security Advisory RHSA-2005:025-08: https://rhn.redhat.com/errata/RHSA-2005-025.html
Version history

Version | Comments | Date
1.0 | Advisory issued | 2005-01-11
1.1 | Advisory issued by Debian Linux (DSA-635-1) | 2005-01-12
1.2 | New advisory issued by Debian Linux (DSA-637-1) | 2005-01-14
1.3 | Advisory issued by SuSE (SUSE-SR:2005:002) | 2005-01-28
2.0 | Public exploit available. Advisory issued by Red Hat (RHSA-2005:025-08). | 2005-02-16