Mantis - exim
Viewing Issue Advanced Details
5317 upgrade major unable to reproduce 2018-03-09 16:32 2019-07-11 14:51
barlavento  
 
normal  
new  
open  
none    
none  
0005317: EXIM CVE-2018-6789
CVE-2018-6789
=============

There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh@devco.re> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.
Would it be possible to re-package to the latest new version?
Would fix other vulnerabilities and bugs as well :-)
514.gz (10,334 bytes) 2018-12-04 10:32
130.pdf (29,446 bytes) 2019-07-11 14:51
Issue History
2018-03-09 16:32 barlavento New Issue
2018-03-20 11:04 dam Note Added: 0011270
2018-03-21 08:31 barlavento Note Added: 0011271
2018-03-21 09:28 dam Note Added: 0011272
2018-03-21 16:31 barlavento Note Added: 0011273
2018-12-04 10:32 Markus34 File Added: 514.gz
2018-12-17 12:47 Markus34 Note Added: 0011287
2018-12-17 12:50 dam Note Deleted: 0011287
2018-12-17 13:42 barlavento Note Added: 0011288
2019-07-11 14:51 tomplatz File Added: 130.pdf

Notes
(0011270)
dam   
2018-03-20 11:04   
Unfortunately the current maintainer is no longer active.
If you would be willing to help I'll gladly accept a patch. The current recipe is available here:
  https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/exim/trunk/Makefile
(0011271)
barlavento   
2018-03-21 08:31   
Hello

I am willing to help. What is needed from me?
But maybe it is easier to just compile from the new source rather than patch the old code?

Eduardo
(0011272)
dam   
2018-03-21 09:28   
Hi Eduardo,

mainly this patch needs to be forward-ported to be applicable to the current version:
  https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/exim/trunk/files/0003-Set-OpenCSW-build-options.patch

If you could do that then it should be fairly easy.
(0011273)
barlavento   
2018-03-21 16:31   
I have to study on this, because this is new to me.
Probably need to read some documentation first?
(0011288)
barlavento   
2018-12-17 13:42   
It is unfortunate I cannot create a new (Solaris 10 or newer) package. I do not have any experience with the build environment.