May 6, 2004: New Exim Vulnerability

Author: Wojjie     Posted: 2004-05-14     Viewed: 4,843

A new exim vulnerability was reported May 6th, 2004. Here is a link to one of the advisories I came across:

Exim Buffer Overflow Vulnerabilities
Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability

Sender Verification (reported to affect 3.35)

Temporary Workaround

This vulnerability appears to be an issue only if exim is set up with "sender_verify = true" in the exim.conf file. A temporary workaround is to disable this configuration directive and restart exim.

Fix

Update to a newer version of exim.


Header Syntax Checking (reported to affect 3.35, and 4.32)

Temporary Workaround
For 3.35:
Disable 'headers_check_syntax', if it has been enabled.

For 4.32:
Disable 'require verify = header_syntax', if it has been enabled.
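
To see which of the workarounds for the two vulnerabilities apply to a given server, the following added example (not part of the original article) scans an Exim configuration file for the three directives named above and prints the line number of each one that is enabled. The function names and the sample configuration are constructed for illustration; the script also matches "verify = header_syntax" written on its own condition line or negated under "deny", which goes beyond the exact form quoted here.

```shell
#!/bin/sh
# Added example: list the directives from this article that are enabled
# in an Exim configuration file. Usage: sh check.sh /path/to/exim.conf

# check_exim_conf [FILE]: reads FILE (or stdin) and prints "LINE: directive"
# for each enabled setting. Prints nothing if none are enabled.
check_exim_conf() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # trim leading whitespace
            sub(/[ \t]+$/, "", line)             # trim trailing whitespace
        }
        # Exim boolean options: a bare name or "= true|yes" enables them;
        # "no_name", "not_name" or "= false|no" disables them.
        line ~ /^sender_verify([ \t]*=[ \t]*(true|yes))?$/ {
            print NR ": sender_verify"
        }
        line ~ /^headers_check_syntax([ \t]*=[ \t]*(true|yes))?$/ {
            print NR ": headers_check_syntax"
        }
        # Exim 4 ACL condition, e.g. "require verify = header_syntax"
        line ~ /(^|[ \t!])verify[ \t]*=[ \t]*header_syntax([ \t]|$)/ {
            print NR ": verify = header_syntax"
        }
    ' "${1:--}"
}

# Constructed sample input. It mixes 3.x and 4.x style lines only to
# exercise each pattern; it is not a working configuration.
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real server
sender_verify = true
# headers_check_syntax
no_headers_check_syntax
headers_check_syntax
  require verify = header_syntax
EOF
}

if [ "$#" -gt 0 ]; then
    check_exim_conf "$1"
else
    sample_conf | check_exim_conf
fi
```

Any line the script prints is a directive to disable as described above until exim itself has been updated.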

Fix

Update to a newer version of exim. Currently CPanel has released an update for the EDGE and CURRENT builds, but there is still no update for the RELEASE and STABLE builds.

You may be able to force it to update exim to the newest version by running the following commands:

/scripts/updatenow
/scripts/updated
/scripts/exim4

Copyright © 2004-2015: TheServerPages.com