Bug 1044692 (CVE-2017-1000369) - VUL-0: CVE-2017-1000369: exim: Qualys new root/setuid privilege escalation method 05-2017
Summary: VUL-0: CVE-2017-1000369: exim: Qualys new root/setuid privilege escalation me...
Status: RESOLVED FIXED
Alias: CVE-2017-1000369
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3:RedHat:CVE-2017-1000369:2.9:(A...
Keywords:
Depends on:
Blocks: 1037551
  Show dependency treegraph
 
Reported: 2017-06-16 12:27 UTC by Marcus Meissner
Modified: 2024-07-15 17:05 UTC (History)
14 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
diff (2.20 KB, patch)
2017-06-18 09:02 UTC, Marcus Meissner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2017-06-18 09:02:25 UTC 
Created attachment 729304 [details]
diff

Heiko Schlittermann <hs@schlittermann.de> (Do 15 Jun 2017 00:00:04 CEST):
> Hello packagers of Exim,> We got CVE-2017-1000369 for a vulnerability that can be exploited
> through Exim.  As Exim itself is not exploitable, and as we do not
> understand the fix as a security issue in Exim itself, we do not see a
> reason for a point release.
> 
> We have a small patch already. As soon as possible I'll publish an
> exim-4_89+fixes branch. I'll put there some additional backported
> (from devel branch) minor security enhancements and send you an
> notification as soon as the +fixes branch is available.

As we are somewhat delayed with creating a new (point?) release, I'd
kindly ask you to include tis commit into your packaged versions of
Exim: 65e061b76867a9ea7aeeb535341b790b90ae6c21

There should be no impact for ordninary users of Exim. It prevents
the multiple use of '-p <protocol>' option for the command line
invocation. (There is probably no use case for doing so.) By this small
patch we can help improving the security of the underlying system.

This commit is part of the current, but not yet released master branch.
We'll prepare a new Exim version, or do a point release, including this
commit. Until this is done, please include this patch manually.

In case you do not have access to the Git repo, the patch is attached to
this message. It should apply cleanly.

Thank you for your understanding.
Comment 2 Marcus Meissner 2017-06-19 11:11:59 UTC 
CRD: 2017-06-19 15:00 UTC
Comment 3 Marcus Meissner 2017-06-19 15:21:55 UTC 
This issue is now public

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Comment 4 Marcus Meissner 2017-06-20 09:36:08 UTC 
submitted exim for 42.2 and factory. 

42.2 released. factory is  waiting for package / project maitnainer acceptance.
Comment 5 Swamp Workflow Management 2017-06-20 13:10:59 UTC 
openSUSE-SU-2017:1625-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1044692
CVE References: CVE-2017-1000369
Sources used:
openSUSE Leap 42.2 (src):    exim-4.86.2-10.3.1
Comment 6 Swamp Workflow Management 2017-08-29 16:39:47 UTC 
openSUSE-SU-2017:2289-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1015930,1044692,1046971
CVE References: CVE-2016-1531,CVE-2016-9963,CVE-2017-1000369
Sources used:
openSUSE Leap 42.3 (src):    exim-4.86.2-14.1
openSUSE Leap 42.2 (src):    exim-4.86.2-10.6.1
Comment 7 OBSbugzilla Bot 2024-07-15 17:05:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1044692) was mentioned in
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim