Exim vulnerability
New (3.3.2)
Impact
If this vulnerability exists, a remote attacker could execute arbitrary commands.
Background
Exim is a mail transfer agent (MTA) for Unix systems. Like other MTAs such as Sendmail, it processes incoming and outgoing e-mail messages in accordance with the Simple Mail Transfer Protocol (SMTP).
The Problem
Exim contains a portion of code which checks the syntax of e-mail message headers. Due to a format string vulnerability in the logging of errors produced by this check, it could be possible for a remote attacker to execute arbitrary commands.
This vulnerability is present in Exim versions prior to
3.12-10.1. It is only exploitable if the header syntax check is
turned on. It is not exploitable by default.
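The bug class described above, shown as an added example that is not Exim's code: the names log_write, log_header_error, log_header_error_unsafe, count_directives and SHOW_VULNERABLE are hypothetical, and the header text is constructed. The vulnerable form passes header-derived text as the format string; the hardened form passes it only as an argument to a constant format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger, standing in for an MTA log routine. */
static int log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef SHOW_VULNERABLE
/* Vulnerable: header-derived text is the format, so '%' directives run. */
static int log_header_error_unsafe(char *out, size_t n, const char *err)
{
    return log_write(out, n, err);
}
#endif

/* Hardened: the format is a constant; header text is only ever data. */
static int log_header_error(char *out, size_t n, const char *err)
{
    return log_write(out, n, "header syntax error: %s", err);
}

/* Review aid: count printf directives in untrusted text ("%%" is literal). */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, not taken from a real message. */
    const char *err = "unqualified address in To: %x%x%n";
    char line[128];
    log_header_error(line, sizeof line, err);
    printf("%s (directives in input: %d)\n", line, count_directives(err));
    return 0;
}
```

Compiling with -Wformat -Wformat-security makes GCC and Clang warn on a call shaped like the one in log_header_error_unsafe.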
Resolution
Download and install the latest version of Exim.
Where can I read more about this?
More information about this vulnerability is available from Debian Security Announcement 058-1.