summaryrefslogtreecommitdiffstats
path: root/doc/cve-2019-15846/cve.txt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/cve-2019-15846/cve.txt45
1 files changed, 45 insertions, 0 deletions
diff --git a/doc/cve-2019-15846/cve.txt b/doc/cve-2019-15846/cve.txt
new file mode 100644
index 0000000..b52722b
--- /dev/null
+++ b/doc/cve-2019-15846/cve.txt
@@ -0,0 +1,45 @@
+CVE ID: CVE-2019-15846
+Date: 2019-09-02 (CVE assigned)
+Credits: Zerons <sironhide0null@gmail.com> for the initial report
+ Qualys https://www.qualys.com/ for the analysis
+Version(s): all versions up to and including 4.92.1
+Issue: A local or remote attacker can execute programs with root
+ privileges.
+
+Conditions to be vulnerable
+===========================
+
+If your Exim server accepts TLS connections, it is vulnerable. This does
+not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.
+
+Details
+=======
+
+The vulnerability is exploitable by sending a SNI ending in a
+backslash-null sequence during the initial TLS handshake. The exploit
+exists as a POC. For more details see the document qualys.mbx
+
+Mitigation
+==========
+
+Do not offer TLS. (This mitigation is not recommended.)
+
+Fix
+===
+
+Download and build a fixed version:
+
+ Tarballs: https://ftp.exim.org/pub/exim/exim4/
+ Git: https://github.com/Exim/exim.git
+ - tag exim-4.92.2
+ - branch exim-4.92.2+fixes
+
+The tagged commit is the officially released version. The +fixes branch
+isn't officially maintained, but contains the security fix *and* useful
+fixes.
+
+If you can't install the above versions, ask your package maintainer for
+a version containing the backported fix. On request and depending on our
+resources we will support you in backporting the fix. (Please note,
+the Exim project officially doesn't support versions prior the current
+stable version.)