Exim 4.94.2 update fixes 10 remotely exploitable vulnerabilities

The Exim 4.94.2 mail server has been released, fixing 21 vulnerabilities (CVE-2020-28007-CVE-2020-28026, CVE-2021-27216) that were identified by Qualys and presented under the code name 21Nails. 10 of the issues can be exploited remotely (including code execution with root privileges) by manipulating SMTP commands when interacting with the server.

All versions of Exim whose history is tracked in Git since 2004 are affected. Working exploit prototypes have been prepared for 4 local vulnerabilities and 3 remote issues. Exploits for the local vulnerabilities (CVE-2020-28007, CVE-2020-28008, CVE-2020-28015, CVE-2020-28012) allow privilege escalation to the root user. Two remote issues (CVE-2020-28020, CVE-2020-28018) allow code execution without authentication as the Exim user (root access can then be obtained by exploiting one of the local vulnerabilities).

The CVE-2020-28021 vulnerability allows immediate remote code execution with root privileges, but requires authenticated access (the user must establish an authenticated session, after which they can exploit the vulnerability by manipulating the AUTH parameter in the MAIL FROM command). The problem arises because an attacker can inject a line into the header of the spool file: the authenticated_sender value is written without escaping special characters (for example, by passing the command "MAIL FROM:<> AUTH=Raven+0AReyes").
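A defender-side check for the CVE-2020-28021 pattern described above, as an added example (not code from Exim or Qualys): it decodes the AUTH= parameter of a MAIL FROM command as xtext (RFC 3461, where "+0A" encodes a line feed) and flags values that contain control characters. The function names and the sample commands are constructed for illustration.

```python
import re

# xtext (RFC 3461): "+" followed by two uppercase hex digits encodes one byte.
_XTEXT_HEX = re.compile(r"\+([0-9A-F]{2})")
# AUTH=<value> parameter on a MAIL FROM command (RFC 4954).
_AUTH_PARAM = re.compile(r"^MAIL FROM:\s*<[^>]*>.*?\sAUTH=(\S+)", re.IGNORECASE)


def xtext_decode(value: str) -> str:
    """Decode xtext; raise ValueError on a malformed '+' escape."""
    if re.search(r"\+(?![0-9A-F]{2})", value):
        raise ValueError("malformed xtext escape")
    return _XTEXT_HEX.sub(lambda m: chr(int(m.group(1), 16)), value)


def check_mail_from(command: str) -> str:
    """Return 'ok', 'no-auth', 'malformed' or 'control-char' for one command."""
    m = _AUTH_PARAM.match(command.strip())
    if not m:
        return "no-auth"
    try:
        decoded = xtext_decode(m.group(1))
    except ValueError:
        return "malformed"
    # Any control byte (CR, LF, NUL, ...) can break a line-oriented header file
    # if the decoded value is written out without escaping.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return "control-char"
    return "ok"


# Constructed sample commands; the third is the one quoted in the article.
SAMPLES = [
    "MAIL FROM:<alice@example.org>",
    "MAIL FROM:<alice@example.org> AUTH=alice@example.org",
    "MAIL FROM:<> AUTH=Raven+0AReyes",
    "MAIL FROM:<> AUTH=bad+zz",
    "MAIL FROM:<bob@example.org> SIZE=1024 AUTH=<>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check_mail_from(line):12}  {line}")
```

A check like this can run over captured SMTP transcripts or in a filtering proxy in front of a server that has not yet been updated to 4.94.2; it does not replace the update.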

Additionally, it is noted that another remote vulnerability, CVE-2020-28017, can be exploited to execute code with the privileges of the "exim" user without authentication, but requires more than 25 GB of memory. For the remaining 13 vulnerabilities, exploits could potentially also be prepared, but work in this direction has not yet been carried out.

The Exim developers were notified of the problems back in October of last year and spent more than 6 months developing fixes. All administrators are advised to urgently update Exim on their mail servers to version 4.94.2. All versions of Exim prior to release 4.94.2 have been declared obsolete. The publication of the new version was coordinated with distributions that simultaneously published package updates: Ubuntu, Arch Linux, FreeBSD, Debian, SUSE and Fedora. RHEL and CentOS are not affected by the problem, since Exim is not included in their standard package repository (EPEL does not yet have an update).

Remote vulnerabilities:

  • CVE-2020-28017: Integer overflow in the receive_add_recipient() function;
  • CVE-2020-28020: Integer overflow in the receive_msg() function;
  • CVE-2020-28023: Out-of-bounds read in smtp_setup_msg();
  • CVE-2020-28021: Newline injection in the spool file header;
  • CVE-2020-28022: Out-of-bounds write and read in the extract_option() function;
  • CVE-2020-28026: String truncation and substitution in spool_read_header();
  • CVE-2020-28019: Failure when resetting a function pointer after a BDAT error occurs;
  • CVE-2020-28024: Buffer underflow in the smtp_ungetc() function;
  • CVE-2020-28018: Use-after-free memory access in tls-openssl.c;
  • CVE-2020-28025: Out-of-bounds read in the pdkim_finish_bodyhash() function.

Local vulnerabilities:

  • CVE-2020-28007: Symbolic link attack in the Exim log directory;
  • CVE-2020-28008: Spool directory attacks;
  • CVE-2020-28014: Arbitrary file creation;
  • CVE-2021-27216: Arbitrary file deletion;
  • CVE-2020-28011: Buffer overflow in queue_run();
  • CVE-2020-28010: Out-of-bounds write in main();
  • CVE-2020-28013: Buffer overflow in the parse_fix_phrase() function;
  • CVE-2020-28016: Out-of-bounds write in parse_fix_phrase();
  • CVE-2020-28015: Newline injection in the spool file header;
  • CVE-2020-28012: Missing close-on-exec flag for an unnamed pipe;
  • CVE-2020-28009: Integer overflow in the get_stdinput() function.



Source: opennet.ru
