X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/8180c0d5a3d0823641d65535c70fb52900926060..91ae5bdcc1dc7cbda85e5baaae24a6ba82941d0f:/templates/static/doc/security/CVE-2019-16928.txt diff --git a/templates/static/doc/security/CVE-2019-16928.txt b/templates/static/doc/security/CVE-2019-16928.txt new file mode 100644 index 0000000..d0de495 --- /dev/null +++ b/templates/static/doc/security/CVE-2019-16928.txt @@ -0,0 +1,47 @@ +CVE ID: CVE-2019-16928 +Date: 2019-09-27 (CVE assigned) +Version(s): from 4.92 up to and including 4.92.2 +Reporter: QAX-A-TEAM +Reference: https://bugs.exim.org/show_bug.cgi?id=2449 +Issue: Heap-based buffer overflow in string_vformat, + remote code execution seems to be possible + +Conditions to be vulnerable +=========================== + +All versions from (and including) 4.92 up to (and including) 4.92.2 are +vulnerable. + +Details +======= + +There is a heap-based buffer overflow in string_vformat (string.c). +The currently known exploit uses a extraordinary long EHLO string to +crash the Exim process that is receiving the message. While at this +mode of operation Exim already dropped its privileges, other paths to +reach the vulnerable code may exist. + +Mitigation +========== + +There is - beside updating the server - no known mitigation. + +Fix +=== + +Download and build the fixed version 4.92.3 + + Tarballs: https://ftp.exim.org/pub/exim/exim4/ + Git: https://github.com/Exim/exim.git + - tag exim-4.92.3 + - branch exim-4.92.3+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains the security fix *and* useful +fixes. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +the Exim project officially doesn't support versions prior the current +stable version.)
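Review bot: the advisory text in this hunk has several grammar slips that should be fixed before the page is published, and the severity wording should be made consistent between the header and the Details section. In the Details paragraph, "uses a extraordinary long EHLO string" should read "uses an extraordinarily long EHLO string", and "While at this mode of operation Exim already dropped its privileges" should read "While in this mode of operation Exim has already dropped its privileges". In Mitigation, "beside updating the server" should be "besides updating the server". In the final paragraph, "versions prior the current stable version" should be "versions prior to the current stable version". On substance: the Issue line states that "remote code execution seems to be possible", while the Details section only describes a crash of the process receiving the message (a denial of service in the already-unprivileged receiving process) and says other paths to the vulnerable code "may exist"; it would help readers to say explicitly in Details that the known exploit demonstrates a crash only, that code execution is considered possible but not demonstrated, and that other callers of string_vformat in string.c have not been ruled out, which is the reason the advisory offers no mitigation other than updating to 4.92.3.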