registry team mailing list archive

[Bug 688672] Re: remote code execution as per DSA-2131-1

 

The remote code execution (CVE-2010-4344) affected 4.69 and earlier
(Ubuntu 9.10 and earlier). This was fixed last week in
http://www.ubuntu.com/usn/usn-1032-1. The privilege escalation issue
(CVE-2010-4345) affects all releases but has not been fixed yet since
upstream hasn't decided on the best way to fix it. The exploit in the
wild would exploit CVE-2010-4344 to execute arbitrary code and then use
the vulnerability in CVE-2010-4345 to escalate to root. By fixing
CVE-2010-4344, the remote attack vector is closed. A fix for
CVE-2010-4345 will be provided when one becomes available.

** Changed in: exim4 (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: exim4 (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: exim4 (Ubuntu)
   Importance: Undecided => High

** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4345

-- 
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
https://bugs.launchpad.net/bugs/688672

Title:
  remote code execution as per DSA-2131-1