From: Heiko Schlittermann (HS12-RIPE) Date: Wed, 7 Feb 2018 09:08:17 +0000 (+0100) Subject: Add security/ item to the wrapper, move existing CVE*txt there X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/495815ed6a8cdeea3aeca8e7ddf59f506a801623 Add security/ item to the wrapper, move existing CVE*txt there --- diff --git a/templates/static/doc/CVE-2016-1531.txt b/templates/static/doc/CVE-2016-1531.txt deleted file mode 100644 index 5314d39..0000000 --- a/templates/static/doc/CVE-2016-1531.txt +++ /dev/null @@ -1,65 +0,0 @@ -Security fix for CVE-2016-1531 -============================== - -All installations having Exim set-uid root and using 'perl_startup' are -vulnerable to a local privilege escalation. Any user who can start an -instance of Exim (and this is normally *any* user) can gain root -privileges. - -The official fix is in Exim release 4.86.2. (tagged as exim-4_86_2) - -For your convenience we released 4.85.2 (tagged as exim-4_85_2) - 4.84.2 (tagged as exim-4_84_2) - -To support package maintainers on older systems we maintain (on a best -effort basis) GIT branches with backported patches for older releases: - - exim-4_80_1+CVE-2016-1531 - exim-4_82_1+CVE-2016-1531 - -(We didn't assign GIT tags, to indicate that's nothing real official.) - - -New options ------------ - -We had to introduce two new configuration options: - - keep_environment = - add_environment = - -Both options are empty per default. That is, Exim cleans the complete -environment on startup. This affects Exim itself and any subprocesses, -as transports, that may call other programs via some alias mechanisms, -as routers (queryprogram), lookups, and so on. - -** THIS MAY BREAK your existing installation ** - -If both options are not used in the configuration, Exim issues a warning -on startup. This warning disappears if at least one of these options is -used (even if set to an empty value). - -keep_environment should contain a list of trusted environment variables. -(Do you trust PATH?). This may be a list of names and REs. - - keep_environment = ^LDAP_ : FOO_PATH - -To add (or override) variables, you can use add_environment: - - add_environment = <; PATH=/sbin:/usr/sbin - - -New behaviour -------------- - -Now Exim changes its working directory to / right after startup, -even before reading its configuration. (Later Exim changes its working -directory to $spool_directory, as usual.) - -Exim only accepts an absolute configuration file path now, when using -the -C option. - - -Thank you for your understanding. - -[Heiko Schlittermann ] diff --git a/templates/static/doc/CVE-2016-1531.txt b/templates/static/doc/CVE-2016-1531.txt new file mode 120000 index 0000000..71440cf --- /dev/null +++ b/templates/static/doc/CVE-2016-1531.txt @@ -0,0 +1 @@ +security/CVE-2016-1531.txt \ No newline at end of file diff --git a/templates/static/doc/CVE-2016-9963.txt b/templates/static/doc/CVE-2016-9963.txt deleted file mode 100644 index d2374c6..0000000 --- a/templates/static/doc/CVE-2016-9963.txt +++ /dev/null @@ -1,97 +0,0 @@ -CVE ID: CVE-2016-9963 -Date: 2016-12-15 -Credits: Bjoern Jacke -Version(s): 4.69 -> 4.87 -Issue: If several conditions are met, Exim leaks private information - to a remote attacker. - -Conditions -========== - -If *all* of the following conditions are met - - Build options - ------------- - - * Exim is built with DKIM enabled (default for newer versions) - exim -bV | grep 'Support.*DKIM' - - Runtime options - --------------- - - * Exim uses DKIM signing (transport options dkim_private_key, - dkim_domain, and other) - - * The dkim_private_key option names a file containing the key. - - exim -bP transports | grep 'dkim_private_key = .' - - * Exim uses PRDR (transport option hosts_try_prdr) (default - since 4.86) - - exim -bP transports | grep 'hosts_try_prdr = .' - - *OR* - - Exim uses the LMTP protocol variant for SMTP transport. - - exim -bP transports | grep 'protocol = lmtp' - - Operation - --------- - - * Exim transports a multi-recipient message - - * The destination host supports PRDR - OR - the message transport uses LMTP - - * One or more recipients are rejected after the DATA phase - -Impact -====== - -Exim leaks the private DKIM signing key to the log files. Additionally, -if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material -is included in the bounce message. - -Fix -=== - -Install a fixed Exim version: - - 4.88 - 4.87.1 - -If you can't install one of the above versions, ask your package -maintainer for a version containing the backported fix. On request and -depending on our resources we will support you in backporting the fix. -(Please note, that Exim project officially doesn't support versions -prior the current stable version.) - -If you think that you MIGHT be affected, we HIGHLY recommend to create -a new set of DKIM keys and fade out the previous DKIM key soon to make -sure that a possibly leaked DKIM key can not be misused in the future. - - -Workaround -========== - -Disable PRDR in your outgoing transport(s): set hosts_try_prdr to an -empty string. - -AND do not use the LMTP protocol variant of the SMTP driver. - -Indication -========== - -You can check if you where affected already. The mainlog entries look like this: - -2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R= refusal - -Even if there is no evidence in the existing log files, that a DKIM key -leakage happened this might have happened in the past, log files might -have been deleted already but a key leak could have ended up via mail -bounce in a user mail box - -[Heiko Schlittermann ] diff --git a/templates/static/doc/CVE-2016-9963.txt b/templates/static/doc/CVE-2016-9963.txt new file mode 120000 index 0000000..0fb9fb5 --- /dev/null +++ b/templates/static/doc/CVE-2016-9963.txt @@ -0,0 +1 @@ +security/CVE-2016-9963.txt \ No newline at end of file diff --git a/templates/static/doc/security/CVE-2016-1531.txt b/templates/static/doc/security/CVE-2016-1531.txt new file mode 100644 index 0000000..5314d39 --- /dev/null +++ b/templates/static/doc/security/CVE-2016-1531.txt @@ -0,0 +1,65 @@ +Security fix for CVE-2016-1531 +============================== + +All installations having Exim set-uid root and using 'perl_startup' are +vulnerable to a local privilege escalation. Any user who can start an +instance of Exim (and this is normally *any* user) can gain root +privileges. + +The official fix is in Exim release 4.86.2. (tagged as exim-4_86_2) + +For your convenience we released 4.85.2 (tagged as exim-4_85_2) + 4.84.2 (tagged as exim-4_84_2) + +To support package maintainers on older systems we maintain (on a best +effort basis) GIT branches with backported patches for older releases: + + exim-4_80_1+CVE-2016-1531 + exim-4_82_1+CVE-2016-1531 + +(We didn't assign GIT tags, to indicate that's nothing real official.) + + +New options +----------- + +We had to introduce two new configuration options: + + keep_environment = + add_environment = + +Both options are empty per default. That is, Exim cleans the complete +environment on startup. This affects Exim itself and any subprocesses, +as transports, that may call other programs via some alias mechanisms, +as routers (queryprogram), lookups, and so on. + +** THIS MAY BREAK your existing installation ** + +If both options are not used in the configuration, Exim issues a warning +on startup. This warning disappears if at least one of these options is +used (even if set to an empty value). + +keep_environment should contain a list of trusted environment variables. +(Do you trust PATH?). This may be a list of names and REs. + + keep_environment = ^LDAP_ : FOO_PATH + +To add (or override) variables, you can use add_environment: + + add_environment = <; PATH=/sbin:/usr/sbin + + +New behaviour +------------- + +Now Exim changes its working directory to / right after startup, +even before reading its configuration. (Later Exim changes its working +directory to $spool_directory, as usual.) + +Exim only accepts an absolute configuration file path now, when using +the -C option. + + +Thank you for your understanding. + +[Heiko Schlittermann ] diff --git a/templates/static/doc/security/CVE-2016-9963.txt b/templates/static/doc/security/CVE-2016-9963.txt new file mode 100644 index 0000000..d2374c6 --- /dev/null +++ b/templates/static/doc/security/CVE-2016-9963.txt @@ -0,0 +1,97 @@ +CVE ID: CVE-2016-9963 +Date: 2016-12-15 +Credits: Bjoern Jacke +Version(s): 4.69 -> 4.87 +Issue: If several conditions are met, Exim leaks private information + to a remote attacker. + +Conditions +========== + +If *all* of the following conditions are met + + Build options + ------------- + + * Exim is built with DKIM enabled (default for newer versions) + exim -bV | grep 'Support.*DKIM' + + Runtime options + --------------- + + * Exim uses DKIM signing (transport options dkim_private_key, + dkim_domain, and other) + + * The dkim_private_key option names a file containing the key. + + exim -bP transports | grep 'dkim_private_key = .' + + * Exim uses PRDR (transport option hosts_try_prdr) (default + since 4.86) + + exim -bP transports | grep 'hosts_try_prdr = .' + + *OR* + + Exim uses the LMTP protocol variant for SMTP transport. + + exim -bP transports | grep 'protocol = lmtp' + + Operation + --------- + + * Exim transports a multi-recipient message + + * The destination host supports PRDR + OR + the message transport uses LMTP + + * One or more recipients are rejected after the DATA phase + +Impact +====== + +Exim leaks the private DKIM signing key to the log files. Additionally, +if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material +is included in the bounce message. + +Fix +=== + +Install a fixed Exim version: + + 4.88 + 4.87.1 + +If you can't install one of the above versions, ask your package +maintainer for a version containing the backported fix. On request and +depending on our resources we will support you in backporting the fix. +(Please note, that Exim project officially doesn't support versions +prior the current stable version.) + +If you think that you MIGHT be affected, we HIGHLY recommend to create +a new set of DKIM keys and fade out the previous DKIM key soon to make +sure that a possibly leaked DKIM key can not be misused in the future. + + +Workaround +========== + +Disable PRDR in your outgoing transport(s): set hosts_try_prdr to an +empty string. + +AND do not use the LMTP protocol variant of the SMTP driver. + +Indication +========== + +You can check if you where affected already. The mainlog entries look like this: + +2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R= refusal + +Even if there is no evidence in the existing log files, that a DKIM key +leakage happened this might have happened in the past, log files might +have been deleted already but a key leak could have ended up via mail +bounce in a user mail box + +[Heiko Schlittermann ] diff --git a/templates/wrapper.xsl b/templates/wrapper.xsl index 7a8cea9..36890ee 100644 --- a/templates/wrapper.xsl +++ b/templates/wrapper.xsl @@ -64,6 +64,7 @@
  • Mailing Lists
  • Wiki
  • Bugs
  • +
  • Security
  • Credits