This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exim remote exploit ?

Anybody knows if astaro is vulnerable to this issue ?
Re: [exim-dev] Remote root vulnerability in Exim

Possible root vulnerability in Exim internet mailer - Update - The H Security: News and Features

Thanks

This thread was automatically locked due to age.

0 techno.kid over 14 years ago

I read about that yesterday... and did a check on the version on ASL today:

2010:12:11-15:36:29 border exim[4934]: 2010-12-11 15:36:29 exim 4.69 daemon started:

Looks like in ASL there is a newer version since 4.63 is affected. But who knows: maybe the problem exists in 4.69 as well? So... some should go for "testing" :-) Exim 4.63 Remote Exploit

techno.kid
Cancel
Vote Up 0 Vote Down

Cancel
0 Pikkio over 14 years ago in reply to techno.kid

This new bug has been fixed in 4.70.
Latest Astaro uses 4.69 which should be affected....

Cheers
Cancel
Vote Up 0 Vote Down

Cancel
0 Billybob over 14 years ago in reply to Pikkio

Interesting reading... Astaro's directory structure is completely different than a default install of exim on linux. Furthermore all the daemons are chrooted and to top all that, you can't run exim commands directly.

So, I am sure they will move to the next version soon enough, but I wouldn't loose any sleep over this exploit atleast in the wild.[;)]
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 14 years ago

This needs to be answered/addressed by Astaro.

There is now a scripted attack or worm installing rootkits on servers with this vulnerability.
Reports of Attacks against EXIM vulnerability

I'm very glad that Astaro chroots everything, but that may not be enough to prevent any infection.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 14 years ago in reply to BarryG

Just because it's reporting version 4.69 doesn't mean it's not been patched; the 2 patches necessary have been around a long time, and I wouldn't be surprised if Astaro didn't already have them compiled into their build of it. I imagine that there's already an IPS rule that detects this sort of thing already as well.

I'll be starting a case with Astaro to determine what their response is.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 14 years ago in reply to BrucekConvergent

Case started for further information... I'll keep you guys posted.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 14 years ago in reply to BrucekConvergent

LOL.... 7.509 has been released to address this issue:

Up2Date 7.509 Released

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 14 years ago

Just found this:
Up2Date 7.509 Released

Appears to fix the problem. Probably should be installed asap.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Pikkio over 14 years ago

Up2date has not been pushed to the up2date servers, you have to manual download and install it ... this sucks...
Cancel
Vote Up 0 Vote Down

Cancel