Exim vulnerability

New (3.3.2)

Impact

If this vulnerability exists, a remote attacker who can deliver a message with a specially crafted header could execute arbitrary commands on the mail server.

Background

Exim is a mail transfer agent (MTA) for Unix systems. Like other MTAs such as Sendmail, it receives and delivers e-mail messages using the Simple Mail Transfer Protocol (SMTP).

The Problem

Exim contains code that optionally checks the syntax of the headers of incoming messages. When a header fails this check, the offending header text is written to the log in a way that lets it be interpreted as a printf-style format string. Because headers are supplied by the remote sender, an attacker can embed format directives (such as %x or %n) in a header and use them to read or overwrite memory in the Exim process and ultimately execute arbitrary commands.

This vulnerability is present in the Exim packages shipped with Debian GNU/Linux 2.2 prior to version 3.12-10.1. It is only exploitable if the header syntax check (the headers_check_syntax option in the Exim configuration file) is turned on; the check is off by default, so a default installation is not exploitable. To check an installation, run exim -bV to see the version and look for headers_check_syntax in the Exim configuration (usually /etc/exim/exim.conf) to see whether the check is enabled.
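
The following C program is an added illustration of the bug class described above; it is not Exim's code and does not reproduce Exim's logging routines. The hypothetical log_write function stands in for a log sink. The vulnerable variant passes the rejected header line itself as the format string, which is the pattern behind this advisory; the fixed variant uses a constant format and passes the header as an argument, so any % directives in it are logged literally. count_conversions is a small helper for spotting directives in data that is about to be logged. The sample header is constructed for the example.

```c
/* Added illustration of the format string bug class, not Exim's code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink: a real MTA would append to its main log file. */
static void log_write(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the rejected header line becomes the format string,
 * so %x, %s or %n written by a remote sender are interpreted by the
 * formatter. Calling this with attacker-supplied data is the bug. */
static void log_bad_header_vulnerable(char *out, size_t outlen, const char *header)
{
    log_write(out, outlen, header);
}

/* Hardened pattern: constant format, header passed as an argument.
 * Directives in the header are now just bytes in the log line. */
static void log_bad_header_fixed(char *out, size_t outlen, const char *header)
{
    log_write(out, outlen, "rejected header with bad syntax: %s", header);
}

/* Count printf conversion specifications in a string; "%%" is a literal
 * percent sign and is not counted. Handy when reviewing logged data or
 * writing a regression test for a logging path. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { /* escaped percent */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a From: header carrying three directives. */
    const char *evil = "From: <%x%x%n@example.invalid>";
    char buf[256];

    printf("directives in header: %d\n", count_conversions(evil));

    /* The fixed logger records the header verbatim. */
    log_bad_header_fixed(buf, sizeof buf, evil);
    printf("%s\n", buf);

    /* A benign header passes through the vulnerable logger unchanged.
     * Feeding it `evil' would be undefined behaviour (that is the bug),
     * so this program deliberately does not. */
    log_bad_header_vulnerable(buf, sizeof buf, "Subject: hello");
    printf("%s\n", buf);
    return 0;
}
```

The difference between the two loggers is a single argument: once the header travels through a %s in a fixed format, the formatter never sees the sender's % characters as directives. Compiling with -Wformat-security flags the vulnerable form when the format function is declared with the printf format attribute.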

Resolution

Upgrade to Exim 3.12-10.1 or later. On Debian GNU/Linux 2.2 this is done by running apt-get update followed by apt-get upgrade, or by installing the updated exim package by hand. Users of other distributions or of source builds should download and install the latest version of Exim. Until the upgrade is applied, turning the header syntax check off removes the exploitable code path.

Where can I read more about this?

More information about this vulnerability is available from Debian Security Advisory DSA-058-1 at https://www.debian.org/security/2001/dsa-058.