This problem is fixed in Exim 4.96.
Exim before 4.96 has a memory leak in smtp_parse_response because it does not set $smtp_data correctly.
In Exim before 4.96 pam_converse() in auths/call_pam.c calls pam_send_password() with a NULL password. This breaks GnuPG signing and causes the server to reject all connections.
This problem is fixed in Exim 4.97.
Exim before 4.96 does not check the return value of pam_send_password() to see whether it succeeded (for example, whether the user's PAM configuration rejected it, or whether an error occurred). This can cause Exim to send emails with encrypted data to a user who has disabled SMTP on their mail server.
This problem is fixed in Exim 4.97.
In Exim before 4.96, the function get_message() in util.c does not check if the $sender_address is a valid address. As a result, if a user sends email from an IP address which is not reachable by the server, get_message() will try to send email back to the sender.
This problem is fixed in Exim 4.97.
Exim before 4.96 does not set the message type when sending email via a relay server. This can result in emails
How to install Exim?
Exim is usually installed on Linux, BSD, and Solaris operating systems. To install it on Debian-based systems:
```shell
apt-get install exim4
```
How to fix this problem? Upgrade to the fixed release (Exim-4.96.tar.gz).
Timeline
Published on: 08/06/2022 18:15:00 UTC
Last modified on: 08/11/2022 00:13:00 UTC
References
- https://www.exim.org/static/doc/security/
- https://github.com/ivd38/exim_invalid_free
- https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
- https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
- https://www.openwall.com/lists/oss-security/2022/08/06/1
- https://github.com/Exim/exim/wiki/EximSecurity
- https://cwe.mitre.org/data/definitions/762.html
- https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37451