Diffstat (limited to 'doc')
-rw-r--r--  doc/doc-txt/ChangeLog        2
-rw-r--r--  doc/doc-txt/cve-2019-13917  46
2 files changed, 48 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c1bbf2636..2e839039c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -147,6 +147,8 @@ JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is
requested. Previously not bounce was generated and a log entry of
error ignored was made.
+JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917)
+
Exim version 4.92
-----------------
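Review bot: the JH/31 entry records the CVE number but gives no pointer to where the conditions and mitigation are documented; since this same commit adds doc/doc-txt/cve-2019-13917, the entry should cite it, e.g. `JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917; see doc/doc-txt/cve-2019-13917)`, so a reader of the ChangeLog can tell whether their configuration (any use of ${sort } on attacker-controlled items) is affected without hunting for the advisory. It would also help to state the affected range (4.85 through 4.92, as the advisory does) here, since the ChangeLog is what package maintainers read when deciding whether to backport.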
diff --git a/doc/doc-txt/cve-2019-13917 b/doc/doc-txt/cve-2019-13917
new file mode 100644
index 000000000..fd94da8a4
--- /dev/null
+++ b/doc/doc-txt/cve-2019-13917
@@ -0,0 +1,46 @@
+CVE ID: CVE-2019-13917
+OVE ID: OVE-20190718-0006
+Date: 2019-07-18
+Credits: Jeremy Harris
+Version(s): 4.85 up to and including 4.92
+Issue: A local or remote attacker can execute programs with root
+ privileges - if you've an unusual configuration. See below.
+
+Conditions to be vulnerable
+===========================
+
+If your configuration uses the ${sort } expansion for items that can be
+controlled by an attacker (e.g. $local_part, $domain). The default
+config, as shipped by the Exim developers, does not contain ${sort }.
+
+Details
+=======
+
+The vulnerability is exploitable either remotely or locally and could
+be used to execute other programs with root privilege. The ${sort }
+expansion re-evaluates its items.
+
+Mitigation
+==========
+
+Do not use ${sort } in your configuration.
+
+Fix
+===
+
+Download and build a fixed version:
+
+ Tarballs: http://ftp.exim.org/pub/exim/exim4/
+ Git: https://github.com/Exim/exim.git
+ - tag exim-4.92.1
+ - branch exim-4.92+fixes
+
+The tagged commit is the officially released version. The +fixes branch
+isn't officially maintained, but contains useful patches *and* the
+security fix.
+
+If you can't install the above versions, ask your package maintainer for
+a version containing the backported fix. On request and depending on our
+resources we will support you in backporting the fix. (Please note,
+that Exim project officially doesn't support versions prior the current
+stable version.)
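Review bot: the Details section asserts that ${sort } "re-evaluates its items" but never connects that to the root-privilege code execution claimed on the Issue line; one sentence explaining that the second evaluation treats already-expanded, attacker-supplied data (the $local_part / $domain values named under Conditions) as expansion syntax would make the impact traceable from the text. The Mitigation section is also narrower than the Conditions section suggests: it says only "Do not use ${sort }", whereas the Conditions paragraph scopes the exposure to ${sort } applied to attacker-controllable items, so either the mitigation should say that the expansion is safe only on fully trusted input, or the Conditions wording should be tightened to match. Minor wording: the Issue line's "if you've an unusual configuration" is vague for an advisory and could simply repeat the condition ("if your configuration uses ${sort } on attacker-controlled data"), and the last paragraph should read "prior to the current stable version".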