Jan 6, 2011 11:40 GMT

Exim maintainers have released version 4.73 of the popular Internet mailer, which addresses a critical privilege escalation vulnerability disclosed as a zero-day last month.

The flaw, identified as CVE-2010-4345, consists of an input validation error which allows local users to execute arbitrary code with root privileges.

It affects Exim 4.72 and earlier versions and can be exploited by forcing a vulnerable installation to process a specially crafted configuration file.

The flaw was exploited in the wild in combination with a different buffer overflow vulnerability (CVE-2010-4344) which allows executing arbitrary code as the current user by sending a malformed email to the server.

According to the Exim developers, CVE-2010-4344 was actually patched as a bug in version 4.70, but its security implications were not known at the time.

Several modifications were made in order to resolve CVE-2010-4345. These include restricting the default behavior of the CONFIGURE_OWNER and CONFIGURE_GROUP options so that they no longer allow a configuration file to be writable by the Exim user or group.

Checks have been put in place to make sure configuration files loaded with the -C option are not going to be used with root privileges. Meanwhile, the ALT_CONFIG_ROOT_ONLY option can no longer be modified and has been set to always true.
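An administrator can audit an installation for the condition these changes address. The following is an added example, not part of the original article or Exim's own code: it flags a configuration file that the Exim user or group could modify. The path, user name and group name are supplied by the operator, and the check of the containing directory goes beyond what the article describes.

```python
import os
import stat

def writable_by_exim(st, exim_uid, exim_gid):
    """Return reasons why the Exim user or group could modify this inode."""
    reasons = []
    if st.st_uid == exim_uid:
        # An owner can always chmod the file back to writable.
        reasons.append("owned by the Exim user")
    if st.st_gid == exim_gid and st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable by the Exim group")
    if st.st_mode & stat.S_IWOTH:
        # Conservative: flagged even when a directory has the sticky bit set.
        reasons.append("world-writable")
    return reasons

def audit_config(path, exim_uid, exim_gid):
    """Check the config file and its directory; return a list of findings."""
    real = os.path.realpath(path)  # audit the symlink target, not the link
    findings = []
    # A writable directory lets the file be replaced even if the file is locked down.
    for target in (real, os.path.dirname(real)):
        for reason in writable_by_exim(os.stat(target), exim_uid, exim_gid):
            findings.append(f"{target}: {reason}")
    return findings

if __name__ == "__main__":
    import grp
    import pwd
    import sys
    if len(sys.argv) != 4:
        sys.exit("usage: audit.py CONFIG_PATH EXIM_USER EXIM_GROUP")
    cfg, user, group = sys.argv[1:]
    results = audit_config(cfg, pwd.getpwnam(user).pw_uid,
                           grp.getgrnam(group).gr_gid)
    for line in results:
        print("FINDING", line)
    sys.exit(1 if results else 0)
```

The script exits non-zero when it has findings, so it can run from a scheduled compliance check.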

There are also other changes to security-related features in the new release, such as improvements to OpenSSL and DomainKeys Identified Mail (DKIM) support, implementation of a more recent ClamAV API and the dropping of the C99 va_copy() function.

"We recommend that users should migrate to 4.73 as soon as possible, however some distributions are instead using older releases with specific patches for these issues," the Exim maintainers write.

Exim is a very popular message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems. It is used as the default MTA on Debian Linux and is commonly found together with the popular Mailman and cPanel software packages.