SB2017113009 - Arch Linux update for exim

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2017-1000369)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to memory management errors in implementation of various functions under multiple operating systems. A local or remote attacker can overflow group_list[] buffer in Exim main() function to manipulate the heap/stack, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

2) Information disclosure (CVE-ID: CVE-2017-10140)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper handling of certain configuration files. A remote attacker can read arbitrary data.

3) Use-after-free error (CVE-ID: CVE-2017-16943)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free memory error in the ESMTP CHUNKING extension within the receive_msg() function in receive.c. A remote attacker can connect to the SMTP service, send a specially crafted BDAT command, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

4) Infinite loop (CVE-ID: CVE-2017-16944)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in bdat_getc(). A remote attacker can connect to the SMTP service, send a specially crafted BDAT command, consume all available stack memory and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://security.archlinux.org/advisory/ASA-201711-32