It was reported [1],[2] that Exim would improperly interpret '%' in a DKIM (DomainKeys Identified Mail) signature, which would get logged to the paniclog. It is possible that using '%n' in the DKIM signature could be used to verwrite stack data, which could cause Exim to crash. DKIM support has been in Exim since version 4.70. A fix has been pushed upstream [3]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 [2] http://bugs.exim.org/show_bug.cgi?id=1106 [3] http://git.exim.org/exim.git/commitdiff/337e3505b0e6cd4309db6bf6062b33fa56e06cf8 Statement: Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.
Created exim tracking bugs for this issue Affects: fedora-all [bug 702475]
A workaround is to add "control = dkim_disable_verify" to an ACL to prevent processing DKIM signatures.
Created exim tracking bugs for this issue Affects: epel-6 [bug 705448]
According to: http://wiki.exim.org/EximSecurity This was resolved in upstream 4.76. Current supported versions of Fedora provide 4.76, however EPEL6 still provides 4.72 and is still vulnerable.
It seems that EPEL6 did fix this, but incorrectly noted the wrong CVE: exim-4.72-0003-CVE-2011-1407.patch is from the git commit above, so it actually fixes CVE-2011-1764 and _not_ CVE-2011-1407 as the patch name and changelog implied.