
ROS-2-504

2021-09-08 00:00:00
redos.red-soft.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 9.1 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.007 Low
Percentile: 79.1%

2.504 Multiple Exim Server Vulnerabilities

1. Vulnerability description:

CVE-2020-28007: Vulnerability in the Exim mail transfer agent, related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a critical file on the system and overwrite it with application privileges.

CVE-2020-28020: Vulnerability in the Exim mail transfer agent, related to an integer overflow in the receive_msg() function. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted data, trigger an integer overflow, and execute arbitrary code on the target system.

CVE-2020-28026: Vulnerability in the Exim mail transfer agent, related to insufficient validation of user input in the spool_read_header() function. Exploitation of the vulnerability could allow an attacker acting remotely to insert strings and control the mail queue.

CVE-2020-28022: Vulnerability in the Exim mail transfer agent, related to a boundary error when handling untrusted input data in the extract_option() function. Exploitation of the vulnerability could allow an attacker acting remotely to create a special message for a mail server, cause an out-of-bounds write or read, and execute arbitrary code on the target system.

CVE-2020-28021: Vulnerability in the Exim mail transfer agent, related to insufficient validation of user input when processing newline characters. Exploitation of the vulnerability could allow an attacker acting remotely to inject a newline character into the spool header file and modify the mail queue.

CVE-2020-28023: Vulnerability in the Exim mail transfer agent, related to boundary conditions in the smtp_setup_msg() function. Exploitation of the vulnerability could allow an attacker acting remotely to send a special message to the system, cause an out-of-bounds read, and read memory contents on the system.

CVE-2020-28017: Vulnerability in the Exim mail transfer agent, related to an integer overflow in the receive_add_recipient() function. Exploitation of the vulnerability could allow a remote attacker to send special data to the application, cause an integer overflow, and execute arbitrary code on the target system.

CVE-2020-28008: Vulnerability in the Exim mail transfer agent, related to incorrect security restrictions on the spool directory. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system.

CVE-2020-28009: Vulnerability in the Exim mail transfer agent, related to an integer overflow in the get_stdinput() function. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges.

CVE-2020-28012: Vulnerability in the Exim mail transfer agent, related to a missing close-on-exec flag for a privileged pipe. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system.

CVE-2020-28015: Vulnerability in the Exim mail transfer agent, related to insufficient validation of user input when processing newline characters. Exploitation of the vulnerability could allow an attacker to inject a newline character into the spool header file and execute arbitrary commands.

CVE-2020-28016: Vulnerability in the Exim mail transfer agent, related to a boundary error in the parse_fix_phrase() function. Exploitation of the vulnerability could allow an attacker to write and execute arbitrary code on a target system with elevated privileges.

CVE-2020-28013: Vulnerability in the Exim mail transfer agent, related to a boundary error in the parse_fix_phrase() function. Exploitation of the vulnerability could allow an attacker to trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

CVE-2020-28010: Vulnerability in the Exim mail transfer agent, related to a boundary error in the main() function. Exploitation of the vulnerability could allow an attacker to write and execute arbitrary code on the target system with elevated privileges.

CVE-2020-28011: Vulnerability in the Exim mail transfer agent, related to a boundary error in the queue_run() function. Exploitation of the vulnerability could allow an attacker to trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

CVE-2020-28014: Vulnerability in the Exim mail transfer agent, related to insecure use of PID files. Exploitation of the vulnerability could allow an attacker to pass the name of a PID file and use it to escalate privileges on the system.

CVE-2020-28019: Vulnerability in the Exim mail transfer agent, related to improper management of internal resources in the application. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted data to the application and perform a denial of service (DoS) attack.

CVE-2020-28024: Vulnerability in the Exim mail transfer agent, related to an integer overflow in the smtp_ungetc() function. Exploitation of the vulnerability could allow a remote attacker to send special data to the application, cause an integer overflow, and execute arbitrary code on the target system.

CVE-2020-28018: Vulnerability in the Exim mail transfer agent, related to a use-after-free error in tls-openssl.c. Exploitation of the vulnerability could allow a remote attacker to send special data to a mail server, cause a use-after-free, and execute arbitrary code on a system with root privileges.

CVE-2020-28025: Vulnerability in the Exim mail transfer agent, related to boundary conditions in the pdkim_finish_bodyhash() function. Exploitation of the vulnerability could allow an attacker acting remotely to cause an out-of-bounds read and read memory contents on the system.

CVE-2021-27216: Vulnerability in the Exim mail transfer agent, related to a lack of necessary security restrictions. Exploitation of the vulnerability could allow an attacker to delete arbitrary files on the system.

BDU identifiers: BDU:2021-02768, BDU:2021-02764, BDU:2021-02764, BDU:2021-02763, BDU:2021-02765, BDU:2021-02762, BDU:2021-02761, BDU:2021-02770, BDU:2021-02760, BDU:2021-02759, BDU:2021-02758, BDU:2021-02757, BDU:2021-02756, BDU:2021-02755, BDU:2021-02754, BDU:2021-02753, BDU:2021-02752, BDU:2021-02751, BDU:2021-02767, BDU:2021-02766, BDU:2021-02769, BDU:2021-02750

2. Possible measures to address the vulnerability

Do not use the Exim messaging agent, or install security updates for the package: exim

Installing updates is possible in the following ways:

a) If the computer with the installed OS version has access to the vendor's official repository, run the update as administrator with the command:

    # yum update

After the list of updated packages is displayed, agree to apply the updates by pressing the Y key on the keyboard. Wait until the update installation is complete and make sure that there are no errors during its installation.

b) If the computer with the installed OS version does not have access to the vendor's official repository, you should perform the following actions:

 - Download the updated package (with dependencies if necessary): http://repo.red-soft.ru/redos/7.2c/x86_64/updates/exim-4.94.2-1.el7.2.x86_64.rpm
 - Check the integrity and authenticity of the package according to instructions.
 - Install the downloaded package(s) with the command:

    # yum localinstall *.rpm

When the list of updated packages is displayed, agree to apply the updates by pressing Y on the keyboard. Wait for the updates to finish installing and make sure there are no errors during the installation.
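After either update path, the installed exim package can be compared against the version named in the advisory's update package. The script below is an added example, not part of the advisory: it assumes the package filename above (exim-4.94.2-1.el7.2) identifies the fixed build, uses GNU `sort -V` as an approximation of RPM version ordering, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). The baseline is an assumption taken
# from the update package filename: exim-4.94.2-1.el7.2.x86_64.rpm
FIXED_EVR="4.94.2-1.el7.2"

# ver_ge A B: succeed when version-release string A sorts at or after B.
# GNU `sort -V` approximates RPM's comparison; it is adequate for
# same-distribution strings such as these and compares 4.100 > 4.94 correctly.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify_exim EVR: print the verdict for an installed version-release.
# An empty EVR means the package is not installed (the advisory's first option).
classify_exim() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif ver_ge "$1" "$FIXED_EVR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# audit_host: query the local RPM database and classify the result.
# Returns non-zero when the host still carries a pre-update build.
audit_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "no-rpm"
        return 2
    fi
    # rpm -q exits non-zero when the package is absent; treat that as empty.
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' exim 2>/dev/null) || evr=""
    verdict=$(classify_exim "$evr")
    echo "exim ${evr:-absent}: $verdict"
    [ "$verdict" != "vulnerable" ]
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it with `--audit` on each RED OS host after updating; a non-zero exit marks hosts that still need the update.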

Date of last modification: 08.09.2021

OS, Version, Architecture, Package, Version, Filename
redos, unknown, <= UNKNOWN
