• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Exim Format String Vulnerability

Solution:
Foldi Tamas <crow@kapu.hu> has submitted an unofficial source code patch. It is available below.

Debian, Conectiva, and Red Hat have provided updates which rectify this issue.


University of Cambridge Exim 3.11

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.12

• Debian 2.2 alpha exim_3.12-10.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/exim _3.12-10.1_alpha.deb


• Debian 2.2 alpha eximon_3.12-10.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/exim on_3.12-10.1_alpha.deb


• Debian 2.2 arm exim_3.12-10.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3 .12-10.1_arm.deb


• Debian 2.2 arm eximon_3.12-10.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/eximon _3.12-10.1_arm.deb


• Debian 2.2 i386 exim_3.12-10.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/exim_ 3.12-10.1_i386.deb


• Debian 2.2 i386 eximon_3.12-10.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/eximo n_3.12-10.1_i386.deb


• Debian 2.2 m68k exim_3.12-10.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_ 3.12-10.1_m68k.deb


• Debian 2.2 m68k eximon_3.12-10.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/eximo n_3.12-10.1_m68k.deb


• Debian 2.2 ppc exim_3.12-10.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex im_3.12-10.1_powerpc.deb


• Debian 2.2 ppc eximon_3.12-10.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ex imon_3.12-10.1_powerpc.deb


• Debian 2.2 sparc exim_3.12-10.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/exim _3.12-10.1_sparc.deb


• Debian 2.2 sparc eximon_3.12-10.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/exim on_3.12-10.1_sparc.deb


• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.13

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch


• Red Hat powertools 6.2 alpha exim-3.22-6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/powertools/alpha/exim-3.22-6x.alpha.rp m


• Red Hat powertools 6.2 alpha exim-doc-3.22-6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/powertools/alpha/exim-doc-3.22-6x.alph a.rpm


• Red Hat powertools 6.2 alpha exim-mon-3.22-6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/powertools/alpha/exim-mon-3.22-6x.alph a.rpm


• Red Hat powertools 6.2 i386 exim-3.22-6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/powertools/i386/exim-3.22-6x.i386.rpm


• Red Hat powertools 6.2 i386 exim-doc-3.22-6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/powertools/i386/exim-doc-3.22-6x.i386. rpm


• Red Hat powertools 6.2 i386 exim-mon-3.22-6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/powertools/i386/exim-mon-3.22-6x.i386. rpm


• Red Hat powertools 6.2 sparc exim-3.22-6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/powertools/sparc/exim-3.22-6x.sparc.rp m


• Red Hat powertools 6.2 sparc exim-doc-3.22-6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/powertools/sparc/exim-doc-3.22-6x.spar c.rpm


• Red Hat powertools 6.2 sparc exim-mon-3.22-6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/powertools/sparc/exim-mon-3.22-6x.spar c.rpm

University of Cambridge Exim 3.14

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.15

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.16

• Conectiva 6.0 exim-3.16-4U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/exim-3.16-4U60_1cl.i386.r pm


• Conectiva 6.0 exim-doc-3.16-4U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/exim-doc-3.16-4U60_1cl.i3 86.rpm


• Conectiva 6.0 exim-mon-3.16-4U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/exim-mon-3.16-4U60_1cl.i3 86.rpm


• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.17

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.18

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.19

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch


• Red Hat powertools 7.0 alpha exim-3.22-13.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/exim-3.22-13.alpha.rp m


• Red Hat powertools 7.0 alpha exim-doc-3.22-13.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/exim-doc-3.22-13.alph a.rpm


• Red Hat powertools 7.0 alpha exim-mon-3.22-13.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/exim-mon-3.22-13.alph a.rpm


• Red Hat powertools 7.0 i386 exim-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/exim-3.22-13.i386.rpm


• Red Hat powertools 7.0 i386 exim-doc-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/exim-doc-3.22-13.i386. rpm


• Red Hat powertools 7.0 i386 exim-mon-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/exim-mon-3.22-13.i386. rpm

University of Cambridge Exim 3.20

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.21

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch

University of Cambridge Exim 3.22

• Foldi Tamas exim.patch
  http://www.securityfocus.com/web/data/vulnerabilities/patches/exim.pat ch


• Red Hat powertools 7.1 i386 exim-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/exim-3.22-13.i386.rpm


• Red Hat powertools 7.1 i386 exim-doc-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/exim-doc-3.22-13.i386. rpm


• Red Hat powertools 7.1 i386 exim-mon-3.22-13.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/exim-mon-3.22-13.i386. rpm