Update Protection against Exim MTA string_format Remote Code Execution Vulnerability
| Check Point Reference: | CPAI-2010-348 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA40019 | |
| Industry Reference(s): | CVE-2010-4344 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Exim.org Exim4 4.69 and prior | ||
| Vulnerability Description A heap buffer overflow vulnerability has been reported in Exim Mail Transfer Agent (MTA). The Exim mail server is a full featured mail transfer agent (MTA) used in Unix-like platforms. It contains implementations of SMTP server for incoming messages as well as an SMTP or LMTP client for outgoing email. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. |
||
|
Update/Patch Available Apply patches: Exim-Dev |
|
|
Vulnerability Details The vulnerability is due to a buffer overflow in the Exim MTA that fails to properly handle malformed email headers. A remote attacker may exploit this issue to execute arbitrary code on an Exim server by sending a specially crafted email to the vulnerable server. Successful exploitation of this vulnerability would allow the attacker to execute code within the security context of the affected server.
|
Protection Overview
This protection detects and blocks malformed emaila sent to the vulnerable server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.