Exim 4.94.2 released with fixes for 10 remotely exploitable vulnerabilities

The release of the Exim mail server 4.94.2 has been announced, fixing 21 vulnerabilities (CVE-2020-28007 through CVE-2020-28026, and CVE-2021-27216) that were identified by Qualys and published under the code name 21Nails. 10 of the issues can be exploited remotely (including code execution with root privileges) by manipulating SMTP commands while interacting with the server.

All versions of Exim whose history is tracked in Git since 2004 are affected. Working exploit prototypes have been prepared for 4 local vulnerabilities and 3 remote ones. The exploits for the local vulnerabilities (CVE-2020-28007, CVE-2020-28008, CVE-2020-28015, CVE-2020-28012) allow privilege escalation to the root user. Two remote issues (CVE-2020-28020, CVE-2020-28018) allow unauthenticated code execution as the Exim user (root access can then be obtained by chaining one of the local vulnerabilities).

The CVE-2020-28021 vulnerability allows immediate remote code execution with root privileges, but requires authenticated access: the attacker must establish an authenticated session, after which the vulnerability can be triggered by manipulating the AUTH parameter of the MAIL FROM command. The problem is that the authenticated_sender value is written into the spool file header without escaping special characters, so an attacker can inject a newline into the header. The AUTH parameter is xtext-encoded, so "+0A" decodes to a line feed (for example, by sending the command "MAIL FROM:<> AUTH=Raven+0AReyes").
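To make the newline-injection mechanism concrete, the following added example (not Exim's source code) decodes the xtext-encoded AUTH= parameter from a MAIL FROM command, writes it into a simplified line-oriented header in the vulnerable unescaped style, reads the header back, and contrasts this with a hardened writer that rejects control characters. The header format, the field names other than auth_sender, the host address and the injected payload are all constructed for the illustration; the hardened check is this example's own, not Exim's actual fix.

```python
"""Constructed illustration of the CVE-2020-28021 pattern: an xtext-encoded
AUTH= value from MAIL FROM is decoded and copied verbatim into a
line-oriented header, so '+0A' (a line feed) lets the client add header
lines. Example code, not Exim's; the header format is a simplified stand-in
for Exim's spool header."""
import re
from typing import Optional

# RFC 3461 xtext: printable US-ASCII except '+' and '=' stands for itself;
# any other byte is written as '+' followed by two uppercase hex digits.
_XCHAR = set(range(0x21, 0x7F)) - {ord('+'), ord('=')}
_HEX2 = re.compile(r'[0-9A-F]{2}')


def xtext_decode(s: str) -> str:
    """Decode an xtext string; raise ValueError on malformed input."""
    out, i = [], 0
    while i < len(s):
        c = s[i]
        if c == '+':
            hh = s[i + 1:i + 3]
            if not _HEX2.fullmatch(hh):
                raise ValueError(f'bad xtext escape at offset {i}')
            out.append(chr(int(hh, 16)))  # '+0A' -> '\n'
            i += 3
        elif ord(c) in _XCHAR:
            out.append(c)
            i += 1
        else:
            raise ValueError(f'illegal xtext character {c!r} at offset {i}')
    return ''.join(out)


def mail_from_auth(cmd: str) -> Optional[str]:
    """Return the raw AUTH= value of a MAIL FROM command, or None.
    Simplified ESMTP parsing: parameters are space-separated key=value
    pairs following the reverse path."""
    m = re.match(r'MAIL FROM:<[^>]*>(.*)', cmd, re.IGNORECASE)
    if not m:
        raise ValueError('not a MAIL FROM command')
    for param in m.group(1).split():
        key, _, value = param.partition('=')
        if key.upper() == 'AUTH':
            return value
    return None


def write_header_unescaped(fields: dict) -> str:
    """Vulnerable pattern: one '-name value' line per field, value copied
    verbatim. A newline inside a value ends the line early and whatever
    follows is read back as a separate field."""
    return ''.join(f'-{name} {value}\n' for name, value in fields.items())


def write_header_checked(fields: dict) -> str:
    """Hardened variant (this example's own, not Exim's fix): refuse any
    value containing a byte outside printable ASCII before it is written."""
    for name, value in fields.items():
        if any(not 0x20 <= ord(ch) < 0x7F for ch in value):
            raise ValueError(f'control character in header field {name}')
    return write_header_unescaped(fields)


def parse_header(text: str) -> dict:
    """Read back '-name value' lines the way a line-oriented reader would;
    lines without the leading '-' are ignored here."""
    fields = {}
    for line in text.splitlines():
        if line.startswith('-'):
            name, _, value = line[1:].partition(' ')
            fields[name] = value
    return fields


def spool_fields_after(cmd: str) -> dict:
    """Run a MAIL FROM command through decode -> naive write -> read back
    and return the fields the reader sees."""
    raw = mail_from_auth(cmd)
    sender = xtext_decode(raw) if raw is not None else ''
    header = write_header_unescaped({
        'auth_sender': sender,          # attacker-controlled value
        'host_address': '203.0.113.5',  # constructed server-side field
    })
    return parse_header(header)


if __name__ == '__main__':
    # The advisory's example: '+0A' decodes to a line feed.
    print(repr(xtext_decode('Raven+0AReyes')))
    # Constructed payload: the text after '+0A' becomes a new '-' field.
    print(spool_fields_after('MAIL FROM:<> AUTH=Raven+0A-injected+20yes'))
    try:
        write_header_checked({'auth_sender': xtext_decode('Raven+0AReyes')})
    except ValueError as e:
        print('rejected:', e)
```

Running the script shows the decoded value 'Raven\nReyes', then a read-back dictionary in which the client-supplied "injected" field appears alongside the genuine server-side fields, and finally the hardened writer refusing the same value. The point for defenders is that the escape step has to happen between decoding and writing, since any byte the decoder can produce is legal for the decoder but not for the file format.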

In addition, another remote vulnerability, CVE-2020-28017, is noted as exploitable for unauthenticated code execution with the privileges of the "exim" user, but it requires more than 25 GB of memory on the target. Exploits could likely be developed for the remaining 13 vulnerabilities as well, but that work has not yet been done.

The Exim developers were notified of the problems back in October of last year and spent more than 6 months preparing fixes. All administrators are advised to update Exim on their mail servers to version 4.94.2 as soon as possible. All Exim versions prior to 4.94.2 have been declared obsolete. The release of the new version was coordinated with distributions that published package updates at the same time: Ubuntu, Arch Linux, FreeBSD, Debian, SUSE and Fedora. RHEL and CentOS are not affected, since Exim is not included in their standard package repositories (EPEL does not yet have an update).

Remote vulnerabilities:

  • CVE-2020-28017: Integer overflow in receive_add_recipient();
  • CVE-2020-28020: Integer overflow in receive_msg();
  • CVE-2020-28023: Out-of-bounds read in smtp_setup_msg();
  • CVE-2020-28021: Newline injection into the spool header file;
  • CVE-2020-28022: Heap out-of-bounds read and write in extract_option();
  • CVE-2020-28026: Line truncation and injection in spool_read_header();
  • CVE-2020-28019: Failure to reset a function pointer after a BDAT error;
  • CVE-2020-28024: Heap buffer underflow in smtp_ungetc();
  • CVE-2020-28018: Use-after-free in tls-openssl.c;
  • CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash().

Local vulnerabilities:

  • CVE-2020-28007: Link attack in Exim's log directory;
  • CVE-2020-28008: Assorted attacks in Exim's spool directory;
  • CVE-2020-28014: Arbitrary file creation and clobbering;
  • CVE-2021-27216: Arbitrary file deletion;
  • CVE-2020-28011: Heap buffer overflow in queue_run();
  • CVE-2020-28010: Heap out-of-bounds write in main();
  • CVE-2020-28013: Heap buffer overflow in parse_fix_phrase();
  • CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase();
  • CVE-2020-28015: Newline injection into the spool header file;
  • CVE-2020-28012: Missing close-on-exec flag for a privileged pipe;
  • CVE-2020-28009: Integer overflow in get_stdinput().



Source: opennet.ru