ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0005317 | [exim] upgrade | major | unable to reproduce | 2018-03-09 16:32 | 2019-07-11 14:51
Reporter | barlavento | View Status | public
Assigned To |
Priority | normal | Resolution | open
Status | new
Summary | 0005317: EXIM CVE-2018-6789
Description |
CVE-2018-6789
=============

There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh@devco.re> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.
Additional Information |
Would it be possible to re-package to the latest new version? Would fix other vulnerabilities and bugs as well :-)
Tags | No tags attached.
Attached Files |
514.gz (10,334 bytes) 2018-12-04 10:32
130.pdf (29,446 bytes) 2019-07-11 14:51
Notes |

(0011270) dam (administrator) 2018-03-20 11:04
Unfortunately the current maintainer is no longer active. If you would be willing to help I'll gladly accept a patch. The current recipe is available here:
https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/exim/trunk/Makefile

(0011271) barlavento (reporter) 2018-03-21 08:31
Hello, I am willing to help. What is needed from me? But maybe it is easier to just compile from the new source rather than patch the old code?
Eduardo

(0011272) dam (administrator) 2018-03-21 09:28
Hi Eduardo, mainly this patch needs to be forward-ported to be applicable to the current version:
https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/exim/trunk/files/0003-Set-OpenCSW-build-options.patch
If you could do that then it should be fairly easy.

(0011273) barlavento (reporter) 2018-03-21 16:31
I have to study on this, because this is new to me. Probably need to read some documentation first?

(0011288) barlavento (reporter) 2018-12-17 13:42
It is unfortunate I cannot create a new (Solaris 10 or newer) package. I do not have any experience with the build environment.