
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN045
_____________________________________________________________________

DATE                : 12/02/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running exim versions prior to 4.90.1.

=====================================================================
https://lists.exim.org/lurker/message/20180210.180351.bc65dc61.en.html
http://exim.org/static/doc/security/CVE-2018-6789.txt
_____________________________________________________________________

Subject: [exim] Security update: Exim 4.90.1 released (CVE-2018-6789)

We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog

The Distros should have built packages already.

The sources can be obtained directly from the Git repos

    git://git.exim.org/exim.git     tag: exim-4_90_1


The tag is signed with my GPG key¹.

Alternatively you may fetch the tarballs from the mirrors listed
on
    https://www.exim.org/mirmon/ftp_mirrors.html



or directly from

      ftp://ftp.exim.org/pub/exim/exim4/
    https://ftp.exim.org/pub/exim/exim4/


The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with a simple integrity check
only.

¹) If you get a "key expired" message, please refresh my key from
the public keyservers.

Thank you for using Exim.

    Best regards from Dresden/Germany
    Many greetings from Dresden
    Heiko Schlittermann

_____________________________________________________________________


CVE-2018-6789
=============

There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity; we *believe* an exploit
is difficult. A mitigation isn't known.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh@devco.re> via exim-security
             mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.
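
Added example (not part of the Exim announcement or of this note): a shell check that classifies a host against the fixed release 4.90.1 named above. It assumes the first line of `exim -bV` has the form "Exim version X #N built ...", with "_" possibly standing in for "." as in the tag exim-4_90_1; the function names and sample lines are constructed for illustration. Distribution packages may carry the fix under an older upstream version number, so treat "affected" as a prompt to check the vendor's package changelog.

```sh
#!/bin/sh
# Added example: classify a host against the fixed release named in the
# advisory (4.90.1, the fix for CVE-2018-6789).
FIXED="4.90.1"

# Pull the upstream version out of the first line of `exim -bV`
# (assumed form: "Exim version 4.90_1 #2 built ...") and turn "_" into ".".
exim_version_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9._]*\).*$/\1/p' | tr '_' '.'
}

# Return 0 when version $1 is older than $2; components compare numerically,
# missing components count as 0 (so 4.90 < 4.90.1).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "affected <v>", "fixed <v>" or "unknown" for one version line.
classify_exim() {
    v=$(exim_version_from_line "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED"; then
        echo "affected $v"
    else
        echo "fixed $v"
    fi
}

# Constructed sample lines; on a real host use:
#   classify_exim "$(exim -bV 2>/dev/null | head -n 1)"
for line in \
    "Exim version 4.89 #2 built 14-Jun-2017 05:03:07" \
    "Exim version 4.90 #1 built 20-Dec-2017 10:00:00" \
    "Exim version 4.90_1 #1 built 12-Feb-2018 09:00:00"
do
    printf '%-52s -> %s\n' "$line" "$(classify_exim "$line")"
done
```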

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




