X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/8b663e4da84935dda5a709fe94d0afccf948a19a..ce2074176131e562ba032a0da8d1b1e5058880bc:/templates/static/doc/CVE-2016-9963.txt diff --git a/templates/static/doc/CVE-2016-9963.txt b/templates/static/doc/CVE-2016-9963.txt deleted file mode 100644 index ae85a73..0000000 --- a/templates/static/doc/CVE-2016-9963.txt +++ /dev/null 
@@ -1,86 +0,0 @@ -CVE ID: CVE-2016-9963 -Date: 2016-12-15 -Credits: Bjoern Jacke -Version(s): 4.69 -> 4.87 -Issue: If several conditions are met, Exim leaks private information - to a remote attacker. - -Conditions -========== - -If *all* of the following conditions are met - - Build options - ------------- - - * Exim is built with DKIM enabled (default for newer versions) - exim -bV | grep 'Support.*DKIM' - - Runtime options - --------------- - - * Exim uses DKIM signing (transport options dkim_private_key, - dkim_domain, and other) - - * The dkim_private_key option names a file containing the key. - - exim -bP transports | grep 'dkim_private_key = .' - - * Exim uses PRDR (transport option hosts_try_prdr) (default - since 4.86) - - exim -bP transports | grep 'hosts_try_prdr = .' - - *OR* - - Exim uses the LMTP protocol variant for SMTP transport. - - exim -bP transports | grep 'protocol = lmtp' - - Operation - --------- - - * Exim transports a multi-recipient message - - * The destination host supports PRDR - OR - the message transport uses LMTP - - * One or more recipients are rejected after the DATA phase - -Impact -====== - -Exim leaks the private DKIM signing key to the log files. Additionally, -if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material -is included in the bounce message. - -Fix -=== - -Install a fixed Exim version: - - 4.88 (available soon) - 4.87.1 (available soon) - -If you can't install one of the above versions, ask your package -maintainer for a version containing the backported fix. On request and -depending on our resources we will support you in backporting the fix. -(Please note, that Exim project officially doesn't support versions -prior the current stable version.) - -Workaround -========== - -Disable PRDR in your outgoing transport(s): set hosts_try_prdr to an -empty string. - -AND do not use the LMTP protocol variant of the SMTP driver. - -Indication -========== - -You can check if you where affected already. 
The mainlog entries look like this: - -2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R= refusal - diff --git a/templates/static/doc/CVE-2016-9963.txt b/templates/static/doc/CVE-2016-9963.txt new file mode 120000 index 0000000..0fb9fb5 --- /dev/null +++ b/templates/static/doc/CVE-2016-9963.txt @@ -0,0 +1 @@ +security/CVE-2016-9963.txt \ No newline at end of file
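Review bot: In the removed advisory text (the `@@ -1,86 +0,0 @@` hunk), the Indication section says "You can check if you where affected already" but then gives only a sample mainlog line and no command, while every item under Conditions comes with an `exim -bV` or `exim -bP` one-liner. If the copy under security/ carries the same text, fix "where" to "were" there and add a matching check, for example a grep of the mainlog for `BEGIN RSA PRIVATE KEY`. The Fix and Workaround sections also stop at upgrading or disabling PRDR/LMTP. Since Impact states that the key reaches the log files and, with EXPERIMENTAL_DSN_INFO=yes, the bounce message, the text should tell operators whose logs match to replace the DKIM key and publish a new selector. Finally, the sample log line embeds a complete RSA private key block. Please confirm it is a throwaway test key before it stays published at the new path.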
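Review bot: The new mode 120000 entry for templates/static/doc/CVE-2016-9963.txt points at the relative target `security/CVE-2016-9963.txt`, which resolves to templates/static/doc/security/CVE-2016-9963.txt. This blobdiff covers only the one path, so the target is not visible here. Please confirm the target is present in the same commit and contains the 86 lines removed above, otherwise the advisory URL that has already been published becomes a dangling link. Also check that whatever builds or serves templates/static follows symlinks rather than copying the link as a one-line text file.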