From: Heiko Schlittermann (HS12-RIPE) Date: Thu, 5 Sep 2019 16:37:58 +0000 (+0200) Subject: Add CVE-2019-15846 document X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/3c78bd2faccc7516a63a0fc1dac75b8c5256adf6 Add CVE-2019-15846 document --- diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt new file mode 100644 index 0000000..3a78aa5 --- /dev/null +++ b/templates/static/doc/security/CVE-2019-15846.txt @@ -0,0 +1,61 @@ +CVE ID: CVE-2019-15846 +Date: 2019-09-02 (CVE assigned) +Credits: Zerons for the initial report + Qualys https://www.qualys.com/ for the analysis +Version(s): all versions up to and including 4.92.1 +Issue: A local or remote attacker can execute programs with root + privileges. + +Conditions to be vulnerable +=========================== + +If your Exim server accepts TLS connections, it is vulnerable. This does +not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. + +Details +======= + +The vulnerability is exploitable by sending a SNI ending in a +backslash-null sequence during the initial TLS handshake. The exploit +exists as a POC. + +For more details see doc/doc-txt/cve-2019-15846/ in the source code +repository. + +Mitigation +========== + +Do not offer TLS. (This mitigation is not recommended.) + +Fix +=== + +Download and build a fixed version: + + Tarballs: https://ftp.exim.org/pub/exim/exim4/ + Git: https://github.com/Exim/exim.git + - tag exim-4.92.2 + - branch exim-4.92.2+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains the security fix *and* useful +fixes. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +the Exim project officially doesn't support versions prior the current +stable version.) + +Timeline +-------- + +2019-07-21 - Report from Zerons to security@exim.org +....-..-.. - Analysis by Qualys + - Fix and tests +2019-09-02 - CVE assigned +2019-09-03 - Details to distros@vs.openwall.org, exim-maintainers@exim.org + - Grant access to the security repo +2019-09-04 - Heads-Up to oss-security@lists.openwall.com, exim-users@exim.org +2019-09-06 - 10.00 UTC Coordinated Release Date + - Disclosure to oss-security, exim-users, public repositories