Exim 4.94.2 update with fixes for 10 remotely exploitable vulnerabilities

The Exim 4.94.2 mail server release has been published, fixing 21 vulnerabilities (CVE-2020-28007-CVE-2020-28026, CVE-2021-27216) that were identified by Qualys and presented under the code name 21Nails. 10 of the problems can be exploited remotely (including to execute code with root privileges) by manipulating SMTP commands while interacting with the server.

All versions of Exim whose history is tracked in Git since 2004 are affected. Working exploit prototypes have been prepared for 4 local vulnerabilities and 3 remote problems. The exploits for the local vulnerabilities (CVE-2020-28007, CVE-2020-28008, CVE-2020-28015, CVE-2020-28012) allow privileges to be raised to the root user. Two remote problems (CVE-2020-28020, CVE-2020-28018) allow code to be executed without authentication as the Exim user (root access can then be obtained by exploiting one of the local vulnerabilities).

The CVE-2020-28021 vulnerability allows immediate remote code execution with root privileges, but requires authenticated access (the user must establish an authenticated session, after which the vulnerability can be exploited by manipulating the AUTH parameter in the MAIL FROM command). The problem arises because an attacker can inject a line into the header of the spool file: the authenticated_sender value is written there without escaping special characters (for example, by sending the command "MAIL FROM:<> AUTH=Raven+0AReyes").
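As an added illustration (not code from Exim or from the Qualys advisory), the check below decodes the xtext-encoded AUTH parameter of a MAIL FROM command and flags values that decode to control characters such as a newline. The sample commands are constructed, and the function names and the idea of feeding it SMTP command lines from a proxy or session capture are assumptions of this example.

```python
import re

# RFC 3461 xtext: "+" plus two hex digits encodes one octet. The RFC uses
# uppercase hex; lowercase is accepted too so the check is not stricter
# than a lenient decoder.
XTEXT_HEX = re.compile(r"\+([0-9A-Fa-f]{2})")
# AUTH= parameter on a MAIL FROM command; the value ends at whitespace.
AUTH_PARAM = re.compile(r"^MAIL FROM:.*?\sAUTH=(\S+)", re.IGNORECASE)


def xtext_decode(value):
    """Decode xtext; a '+' not followed by two hex digits is left as-is."""
    return XTEXT_HEX.sub(lambda m: chr(int(m.group(1), 16)), value)


def suspicious_auth(command):
    """Return the decoded AUTH value if it holds control characters, else None."""
    match = AUTH_PARAM.match(command.strip())
    if match is None:
        return None
    decoded = xtext_decode(match.group(1))
    # CR, LF, NUL and other control bytes have no place in a mailbox and
    # would start a new line if written unescaped into a line-based file.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return decoded
    return None


def scan(commands):
    """Return (1-based line number, decoded value) for each flagged command."""
    hits = []
    for number, command in enumerate(commands, start=1):
        decoded = suspicious_auth(command)
        if decoded is not None:
            hits.append((number, decoded))
    return hits


# Constructed sample input: one benign AUTH value, one with an encoded
# newline, one null sender identity, and one unrelated command.
SAMPLE_COMMANDS = [
    "MAIL FROM:<alice@example.org> SIZE=2048 AUTH=alice@example.org",
    "MAIL FROM:<> AUTH=Raven+0AReyes",
    "MAIL FROM:<bob@example.org> AUTH=<>",
    "RCPT TO:<carol@example.org>",
]

if __name__ == "__main__":
    for number, decoded in scan(SAMPLE_COMMANDS):
        print(f"line {number}: AUTH decodes to {decoded!r}")
```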

In addition, it is noted that another remote vulnerability, CVE-2020-28017, is exploitable for executing code with the rights of the "exim" user without authentication, but requires more than 25 GB of memory. For the remaining 13 vulnerabilities exploits could potentially also be prepared, but no work in that direction has been done yet.

The Exim developers were notified of the problems in October of last year and spent more than 6 months developing fixes. All administrators are advised to urgently update Exim on their mail servers to version 4.94.2. All versions of Exim before release 4.94.2 have been declared obsolete. Publication of the new version was coordinated with the distributions, which published package updates at the same time: Ubuntu, Arch Linux, FreeBSD, Debian, SUSE and Fedora. RHEL and CentOS are not affected by the problem, since Exim is not included in their standard package repository (EPEL does not have an update yet).

Remote vulnerabilities:

  • CVE-2020-28017: Integer overflow in the receive_add_recipient() function;
  • CVE-2020-28020: Integer overflow in the receive_msg() function;
  • CVE-2020-28023: Out-of-bounds read in smtp_setup_msg();
  • CVE-2020-28021: Newline injection into the spool file header;
  • CVE-2020-28022: Write and read outside the allocated area in the extract_option() function;
  • CVE-2020-28026: Line truncation and injection in spool_read_header();
  • CVE-2020-28019: Crash when resetting a function pointer after a BDAT error occurs;
  • CVE-2020-28024: Buffer underflow in the smtp_ungetc() function;
  • CVE-2020-28018: Use-after-free access to a buffer in tls-openssl.c;
  • CVE-2020-28025: Out-of-bounds read in the pdkim_finish_bodyhash() function.

Local vulnerabilities:

  • CVE-2020-28007: Symbolic link attack in the Exim log directory;
  • CVE-2020-28008: Attacks on the spool directory;
  • CVE-2020-28014: Arbitrary file creation;
  • CVE-2021-27216: Arbitrary file deletion;
  • CVE-2020-28011: Buffer overflow in queue_run();
  • CVE-2020-28010: Out-of-bounds write in main();
  • CVE-2020-28013: Buffer overflow in the parse_fix_phrase() function;
  • CVE-2020-28016: Out-of-bounds write in parse_fix_phrase();
  • CVE-2020-28015: Newline injection into the spool file header;
  • CVE-2020-28012: Missing close-on-exec flag for a privileged unnamed pipe;
  • CVE-2020-28009: Integer overflow in the get_stdinput() function.



Source: opennet.ru
