Bug 647240 (CVE-2018-6789) - <mail-mta/exim-4.90.1: buffer overflow in base64d function (CVE-2018-6789)
Summary: <mail-mta/exim-4.90.1: buffer overflow in base64d function (CVE-2018-6789)
Status: RESOLVED FIXED
Alias: CVE-2018-6789
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://exim.org/static/doc/security/C...
Whiteboard: A1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-10 18:32 UTC by Hanno Böck
Modified: 2018-04-23 14:22 UTC

See Also:
Package list:
mail-mta/exim-4.90.1
mail-filter/libspf2-1.2.10 arm
mail-filter/opendmarc-1.3.2-r1 arm
mail-filter/libsrs_alt-1.0 arm
net-dialup/freeradius-client-1.1.7 arm
mail-filter/dcc-1.3.158 arm
dev-perl/Switch-2.170.0 arm
Runtime testing required: ---
stable-bot: sanity-check+


Description Hanno Böck gentoo-dev 2018-02-10 18:32:14 UTC
See
http://exim.org/static/doc/security/CVE-2018-6789.txt
http://seclists.org/oss-sec/2018/q1/133

"There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible."

exim 4.90.1 contains the fix.
Comment 1 Larry the Git Cow gentoo-dev 2018-02-11 07:59:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c39f04f7b599211e948c4fc1546e7b30ca2e7f00

commit c39f04f7b599211e948c4fc1546e7b30ca2e7f00
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-02-11 07:59:36 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-02-11 07:59:36 +0000

    mail-mta/exim: version bump, bug #647240
    
    Bug: https://bugs.gentoo.org/647240
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 mail-mta/exim/Manifest           |   2 +
 mail-mta/exim/exim-4.90.1.ebuild | 528 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 530 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-16 00:05:56 UTC
@ Arches,

please test and mark stable: =mail-mta/exim-4.90.1
Comment 3 Stabilization helper bot gentoo-dev 2018-02-16 01:00:57 UTC
An automated check of this bug failed - repoman reported dependency errors: 

> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-18 21:57:04 UTC
x86 stable
Comment 5 Stabilization helper bot gentoo-dev 2018-02-18 22:03:57 UTC
An automated check of this bug failed - repoman reported dependency errors: 

> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-20 22:19:03 UTC
ia64 stable
Comment 7 Stabilization helper bot gentoo-dev 2018-02-20 23:01:28 UTC
An automated check of this bug failed - repoman reported dependency errors: 

> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-22 07:52:58 UTC
commit 4a7594f1853dca9d6f784f99eb2e7d8608fb9755
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Feb 20 09:03:35 2018 +0100

    mail-mta/exim: stable 4.90.1 for sparc, bug #647240
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-06 18:49:05 UTC
Please stabilize. Exploits are in the wild.

https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-06 19:00:10 UTC
Added to an existing GLSA.
Comment 11 Stabilization helper bot gentoo-dev 2018-03-06 19:02:09 UTC
An automated check of this bug failed - repoman reported dependency errors (24 lines truncated): 

> dependency.bad mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['dev-perl/Switch']
> dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4) ['dev-perl/Switch']
> dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4/desktop) ['dev-perl/Switch']
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2018-03-06 19:39:21 UTC
This issue was resolved and addressed in
 GLSA 201803-01 at https://security.gentoo.org/glsa/201803-01
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-06 19:41:53 UTC
Re-opening for remaining architectures.
Comment 14 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-07 09:31:59 UTC
Stable on alpha.
Comment 15 Agostino Sarubbo gentoo-dev 2018-03-07 09:38:51 UTC
amd64 stable
Comment 16 Markus Meier gentoo-dev 2018-03-08 20:01:49 UTC
arm stable
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-31 17:57:55 UTC
ppc64 stable
Comment 18 Sergei Trofimovich (RETIRED) gentoo-dev 2018-04-07 19:50:48 UTC
ppc stable
Comment 19 Matt Turner gentoo-dev 2018-04-22 19:17:57 UTC
hppa stable
Comment 20 Aaron Bauman (RETIRED) gentoo-dev 2018-04-22 21:01:34 UTC
@maintainer(s), please drop the vulnerable versions.
Comment 21 Larry the Git Cow gentoo-dev 2018-04-23 08:47:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fea8855f8ace5d7818d73201a09b94342aedb1fb

commit fea8855f8ace5d7818d73201a09b94342aedb1fb
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-04-23 08:46:47 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-04-23 08:46:47 +0000

    mail-mta/exim: drop vulnerable versions, bug #647240
    
    Bug: https://bugs.gentoo.org/647240
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 mail-mta/exim/Manifest            |   6 -
 mail-mta/exim/exim-4.89-r5.ebuild | 533 --------------------------------------
 mail-mta/exim/exim-4.89.1.ebuild  | 530 -------------------------------------
 mail-mta/exim/exim-4.90.ebuild    | 528 -------------------------------------
 4 files changed, 1597 deletions(-)
Comment 22 Aaron Bauman (RETIRED) gentoo-dev 2018-04-23 14:22:59 UTC
Thank you!