受影响系统:
University of Cambridge Exim 4.20
University of Cambridge Exim 4.10
University of Cambridge Exim 3.36
University of Cambridge Exim 3.34
University of Cambridge Exim 3.33
University of Cambridge Exim 3.32
University of Cambridge Exim 3.32
University of Cambridge Exim 3.31
University of Cambridge Exim 3.31
University of Cambridge Exim 3.30
University of Cambridge Exim 3.3
University of Cambridge Exim 3.22
University of Cambridge Exim 3.21
University of Cambridge Exim 3.20
University of Cambridge Exim 3.19
University of Cambridge Exim 3.18
University of Cambridge Exim 3.17
University of Cambridge Exim 3.16
University of Cambridge Exim 3.15
University of Cambridge Exim 3.14
University of Cambridge Exim 3.13
University of Cambridge Exim 3.12
University of Cambridge Exim 3.11
University of Cambridge Exim 3.0
University of Cambridge Exim 3.35
- Debian Linux 3.0
不受影响系统:
University of Cambridge Exim 4.21
描述:
Exim[1]是一款流行的EMAIL服务器(MTA)。
Exim没有正确处理畸形EHLO/HELO消息,远程攻击者可以利用这个漏洞对Exim服务器进行基于堆的破坏,可导致拒绝服务攻击。
问题存在于exim-4.20/src/smtp_in.c中:
if (*smtp_data == 0) Ustrcpy(smtp_data, "(no argument given)");
''smtp_data''是指向513字节的''cmd_buffer''堆缓冲区。精心构建HELO或者EHLO命令可以使''*smtp_data''为零及''smtp_data''包含在''cmd_buffer''中最后的2个字节中,因此字符串"o argument given)"后面的NULL会溢出cmd_buffer缓冲区。由于固定字符串覆盖缓冲区并受到一定条件的限制,根据作者报告此漏洞目前看来难于利用。一般攻击者可对服务器进行拒绝服务攻击。
<*来源:Nick Cleaton
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106252015820395&w=2
http://www.securityfocus.com/archive/82/336060/2003-09-01/2003-09-07/0
http://www.debian.org/security/2002/dsa-376
*>
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-376-2)以及相应补丁:
DSA-376-2:New exim packages fix incorrect permissions on documentation
链接:http://www.debian.org/security/2002/dsa-376
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.dsc
Size/MD5 checksum: 661 26b678a3008cfc4137828ed87854a68b
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.diff.gz
Size/MD5 checksum: 79356 4fbc522328ef3457849392aa962ee158
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
Size/MD5 checksum: 677 efc414eda2eaf3b739c0ff1d0ce1ce08
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
Size/MD5 checksum: 79663 3b0ffcb9a0c4662ba908f622e6bc6923
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a
Alpha architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_alpha.deb
Size/MD5 checksum: 872552 63ce5094ddee06b513ff435e0ee0f1a1
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_alpha.deb
Size/MD5 checksum: 52316 35227547daebb787fa6ad8a4c7b7de4d
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
Size/MD5 checksum: 873212 19bba89ff92748d38fc68a667474ed35
ARM architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_arm.deb
Size/MD5 checksum: 785618 c1892595d4ac8b0dd3e7ce9b26a088bf
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_arm.deb
Size/MD5 checksum: 43510 ee93deb829c75498646888e96efe79dc
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
Size/MD5 checksum: 783822 4a14319839d9f01dd2be37e047fd6d66
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_i386.deb
Size/MD5 checksum: 758888 1a754baf670f98a0588cdf0f25faf52f
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_i386.deb
Size/MD5 checksum: 39204 0a1f04494167f1c9a8d2f4a1fc7409c6
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
Size/MD5 checksum: 759152 ad293a317eb4ee7bccffff05a425156e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_ia64.deb
Size/MD5 checksum: 972522 c092722374ddcaf685ffa76dc5d8b9a1
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_ia64.deb
Size/MD5 checksum: 65168 28329a2b344088598566c6b6a6e8a10a
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
Size/MD5 checksum: 973764 ee164461e235691d1ebbd5499535bb23
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_hppa.deb
Size/MD5 checksum: 814974 5aeed1d898554bde0ddeb65e05172229
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_hppa.deb
Size/MD5 checksum: 48282 4df870c3013b57437157b4796285ca08
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
Size/MD5 checksum: 813986 5b98643ddca3a563c0f35702533abec7
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_m68k.deb
Size/MD5 checksum: 737684 f03d8c7db3d1829563359cb4801834c4
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_m68k.deb
Size/MD5 checksum: 37766 8c717d391f22e15369bedb58c84b0b2b
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
Size/MD5 checksum: 736502 387d9a32b505ec7f3e8cedad5390095a
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mips.deb
Size/MD5 checksum: 824182 057be740675f12ddede719b5e153c856
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mips.deb
Size/MD5 checksum: 48878 9ad962d4376d745d01647d3ff8d84455
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
Size/MD5 checksum: 824072 068d46cc7be1f70e369795eed39a5e2c
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mipsel.deb
Size/MD5 checksum: 824412 a3bdb11188295320929fafe50062d6f5
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mipsel.deb
Size/MD5 checksum: 48772 e071d683f83aab5ac7712f4409a92d2e
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
Size/MD5 checksum: 824764 dc94f41f414b487a5fb242abf1691c71
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_powerpc.deb
Size/MD5 checksum: 793784 5f8b069857c23ad7d8ce8840ac38748f
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_powerpc.deb
Size/MD5 checksum: 44786 9a7d8556f44fb9995f1928e5625161fa
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
Size/MD5 checksum: 792296 a8e7e8d5c05ad550d02ebed47ec98ee8
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_s390.deb
Size/MD5 checksum: 779680 a4196fb3142aa9baaa6ac7b18a7ff812
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_s390.deb
Size/MD5 checksum: 43926 954cd43dcfec0f95922e5b354cad94d5
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
Size/MD5 checksum: 778952 a1f2ada573819be4637929c3763a6193
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_sparc.deb
Size/MD5 checksum: 784988 e19c2e5ef5c5d8d52ec9e977eefd9380
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_sparc.deb
Size/MD5 checksum: 42434 6e0dcc3ae42401f938ea132a7fbe75e5
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb
Size/MD5 checksum: 782482 4ae58125f8e4daea23660df37e867c14
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
