Exim EHLO/HELO Remote Heap Corruption Vulnerability

Exim EHLO/HELO Remote Heap Corruption Vulnerability

Solution:
This issue has been addressed in the latest version of Exim. Also, patches have been released to address this issue in Exim 3.36 and 4.20. The vendor has reported that these patches will likely work on earlier versions as well, however it has not yet been confirmed. Users are advised to upgrade as soon as possible.

Debian has released an updated advisory (DSA 376-2) that addresses this issue. Previous packages to address this issue that were released by Debian were installed with incorrect permissions on documentation, users who are affected by this issue are advised to upgrade as soon as possible. Please see the referenced advisory for details on applying fixes.

Conectiva has released an advisory (CLA-2003:735) that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory 200309-09 to address this issue. Affected users are advised to take the following action on affected systems:

emerge sync
emerge exim
emerge clean

University of Cambridge Exim 3.0

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.11

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.12

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.13

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.14

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.15

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.16

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.17

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.18

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.19

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.20

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.21

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.22

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.3 1

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.3

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.3 2

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.30

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.31

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.32

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.33

Conectiva exim-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-3.33-4U80_1cl.i386.rpm

Conectiva exim-config-samples-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-config-samples-3.33-4U 80_1cl.i386.rpm

Conectiva exim-doc-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-doc-3.33-4U80_1cl.i386 .rpm

Conectiva exim-mon-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-mon-3.33-4U80_1cl.i386 .rpm

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.34

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.35

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 3.36

Conectiva exim-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-3.36-28816U90_1cl.i386 .rpm

Conectiva exim-config-samples-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-config-samples-3.36-28 816U90_1cl.i386.rpm

Conectiva exim-doc-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-doc-3.36-28816U90_1cl. i386.rpm

Conectiva exim-mon-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-mon-3.36-28816U90_1cl. i386.rpm

University of Cambridge Exim 3.36 Patch
http://downloads.securityfocus.com/vulnerabilities/patches/exim336-1.p atch

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 4.10

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

University of Cambridge Exim 4.20

University of Cambridge Exim 4.20 Patch
http://downloads.securityfocus.com/vulnerabilities/patches/exim420.pat ch

University of Cambridge Exim 4.21
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.21.tar.bz 2

Privacy Statement
Copyright 2010, SecurityFocus