A heap-buffer overflow was found in the DKIM DNS decode logic, used by exim. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim.
This is fixed in version 4.80.1
Created attachment 633222 [details]
Support for DKIM (DomainKeys Identified Mail) in exim was introduced in version 4.70. Also version 4.69 had experimental support. More details available at:
Red Hat Enterprise Linux 5, ships version exim-4.63, which does not contain the vulnerable DKIM code. Hence the version of exim shipped with Red Hat Enterprise Linux 5 is not vulnerable to this issue.
Not Vulnerable. This issue does not affect the version of exim as shipped with Red Hat Enterprise Linux 5.
This issue affects the version of exim as shipped with Fedora 16 and Fedora 17.
The issue affects the version of exim as shipped with EPEL-6.
Created exim tracking bugs for this issue
Affects: fedora-all [bug 870347]
Affects: epel-6 [bug 870348]
*** Bug 870356 has been marked as a duplicate of this bug. ***
Can this be closed?
It was fixed for FC 16 / 17 and FC 18 comes with 4.80.1
Yes, closing, thank you!