admin | 26 May 17:00 2016

[Bug 1837] New: small subgroup attack

https://bugs.exim.org/show_bug.cgi?id=1837

            Bug ID: 1837
           Summary: small subgroup attack
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: TLS
          Assignee: pdp <at> exim.org
          Reporter: luke.valenta <at> gmail.com
                CC: exim-dev <at> exim.org

The Diffie-Hellman parameters (e.g., dh_ike_23_pem) specified in
https://github.com/Exim/exim/blob/master/src/src/std-crypto.c do not include
the subgroup order. It is especially important to include the subgroup order
for groups with small subgroup order, such as RFC 5114 groups 22-24, and to
verify that a received Diffie-Hellman key exchange value is in the correct
subgroup in order to prevent an invalid subgroup attack. To properly validate
subgroup order, for a non-safe prime p and a known subgroup order q, a received
Diffie-Hellman key exchange value y should satisfy y^q == 1 mod p. For a safe
prime, it suffices to check that y is not 1 or p-1.

After CVE-2016-0701 (https://www.openssl.org/news/secadv/20160128.txt), OpenSSL
changed their behavior to validate subgroup order if it is specified. The
function DH_check_pub_key
(https://github.com/openssl/openssl/blob/master/crypto/dh/dh_check.c) is used
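
Added example, not part of the bug report and not Exim or OpenSSL code: the peer-value check the report describes, written in Python. The function name validate_dh_public and the toy groups (p = 67 with q = 11, and the safe prime p = 23) are assumptions constructed for illustration, not RFC 5114 parameters.

```python
# Added example: peer-value checks for finite-field Diffie-Hellman.
# Toy groups below are constructed for illustration (not RFC 5114 values).

def validate_dh_public(y, p, q=None):
    """Check a received DH value y modulo prime p.

    q is the prime order of the generator's subgroup, when the parameter
    set carries it. Returns (ok, reason).
    """
    # Range check: rejects 0, 1, p-1 and unreduced values. For a safe
    # prime p = 2q + 1 the only small subgroups are {1} and {1, p-1},
    # so this alone is sufficient there.
    if not 1 < y < p - 1:
        return False, "out of range: need 1 < y < p-1"
    if q is None:
        return True, "range check only (subgroup membership not verified)"
    # Subgroup check for a known order q: y must satisfy y^q == 1 mod p.
    if pow(y, q, p) != 1:
        return False, "y^q != 1 mod p: not in the order-q subgroup"
    return True, "member of the order-q subgroup"


# Constructed non-safe prime: p - 1 = 66 = 2 * 3 * 11, subgroup order q = 11.
P_TOY, Q_TOY = 67, 11
G_TOY = pow(2, (P_TOY - 1) // Q_TOY, P_TOY)    # 64, generates the order-11 subgroup
SMALL_ORDER = pow(2, (P_TOY - 1) // 3, P_TOY)  # 37, an element of order 3

if __name__ == "__main__":
    cases = [
        ("honest value, q known", pow(G_TOY, 5, P_TOY), P_TOY, Q_TOY),
        ("order-3 value, q known", SMALL_ORDER, P_TOY, Q_TOY),
        ("order-3 value, q missing", SMALL_ORDER, P_TOY, None),
        ("p-1 on safe prime 23", 22, 23, None),
    ]
    for label, y, p, q in cases:
        print(f"{label:26} y={y:<3} -> {validate_dh_public(y, p, q)}")
```

The third case is the situation the report raises: without q in the parameter set, the order-3 value passes the range test and nothing else can be checked.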

admin | 25 May 21:40 2016

[Bug 165] Avoid showing LDAP passwords in log lines for LDAP errors

https://bugs.exim.org/show_bug.cgi?id=165

Jeremy Harris <jgh146exb <at> wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #6 from Jeremy Harris <jgh146exb <at> wizmail.org> ---
Lacking further comments, closing

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##
admin | 24 May 19:40 2016

[Bug 1836] New: Unqualified arguments to VRFY (when received over local or remote SMTP) cause a segfault.

https://bugs.exim.org/show_bug.cgi?id=1836

            Bug ID: 1836
           Summary: Unqualified arguments to VRFY (when received over
                    local or remote SMTP) cause a segfault.
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb <at> wizmail.org
          Reporter: scrapedsebby <at> me.com
                CC: exim-dev <at> exim.org

An unqualified argument to VRFY in SMTP causes a segfault (0x1).  This seems to
be new with 4.87 where the ACL is processing the argument.  Splitting works
correctly if there is an @ in the string, but it appears the address is assumed
qualified otherwise, which leads to an access violation at address 1 where the
length of a buffer is calculated on a NULL pointer following address splitting
with strrchr returning NULL.

smtp_setup_msg > acl_check > deliver_split_address > string_copylc >
strlen(NULL)

Verification otherwise works with unqualified addresses (with -bv).  EXPN also
works (although no ability to customise with the recipient ACL as for VRFY).


admin | 20 May 17:39 2016

[Bug 1835] New: Use after free of FILE *smtp_in, *smtp_out in server process after failed GnuTLS STARTTLS

https://bugs.exim.org/show_bug.cgi?id=1835

            Bug ID: 1835
           Summary: Use after free of FILE *smtp_in, *smtp_out in server
                    process after failed GnuTLS STARTTLS
           Product: Exim
           Version: 4.87
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: pdp <at> exim.org
          Reporter: bugzilla.exim.simon <at> arlott.org
                CC: exim-dev <at> exim.org

tls_server_start in tls-gnu.c closes smtp_out and smtp_in:

if (rc != GNUTLS_E_SUCCESS)
  {
  tls_error(US"gnutls_handshake",
      sigalrm_seen ? "timed out" : gnutls_strerror(rc), NULL);
  /* It seems that, except in the case of a timeout, we have to close the
  connection right here; otherwise if the other end is running OpenSSL it hangs
  until the server times out. */

  if (!sigalrm_seen)
    {
    (void)fclose(smtp_out);

admin | 18 May 09:16 2016

[Bug 1834] New: Crash after "rejected EXPN root"

https://bugs.exim.org/show_bug.cgi?id=1834

            Bug ID: 1834
           Summary: Crash after "rejected EXPN root"
           Product: Exim
           Version: 4.87
          Hardware: x86
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: General execution
          Assignee: nigel <at> exim.org
          Reporter: exim.org <at> k8n.de
                CC: exim-dev <at> exim.org

I have these log lines in the log and exim did crash afterwards.

2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36 no host name
found for IP address 61.139.60.142
2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36
H=[61.139.60.142] rejected EXPN root
2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36
H=[61.139.60.142] rejected EXPN root

The following entry from grsec is in the kernel log:
[103610.574334] grsec: From 61.139.60.142: Segmentation fault occurred at
0000000000000009 in /usr/sbin/exim[exim:9193] uid/euid:8/8 gid/egid:12/12,
parent /usr/sbin/exim[exim:2020] uid/euid:8/8 gid/egid:12/12
[103610.574511] grsec: From 61.139.60.142: bruteforce prevention initiated due

admin | 17 May 23:23 2016

[Bug 1833] New: Exim doesn't find ipv6 addresses when /proc/net/if_inet6 is not available

https://bugs.exim.org/show_bug.cgi?id=1833

            Bug ID: 1833
           Summary: Exim doesn't find ipv6 addresses when
                    /proc/net/if_inet6 is not available
           Product: Exim
           Version: 4.87
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Networking
          Assignee: nigel <at> exim.org
          Reporter: sander <at> hoentjen.eu
                CC: exim-dev <at> exim.org

On our servers the mail user (as which exim runs) does not have access to
/proc/net/if_inet6, but the current implementation needs this.
I can fix it for myself by adding '#define HAVE_GETIFADDRS' to OS/os.h-Linux so
it looks like at least on my systems getifaddrs "does the right thing" TM
I can't find a reason not to switch to getifaddrs but maybe on very old linuxes
this doesn't work?

Current code seems quite old, it is from commit:
===========
commit 61ec970df30325dbcd8c9d0f0e431dc793126656
Author: Philip Hazel <ph10 <at> hermes.cam.ac.uk>
Date:   Wed Oct 6 15:07:39 2004 +0000


admin | 17 May 18:42 2016

[Bug 1832] New: Log reason for disconnection, as returned by remote host

https://bugs.exim.org/show_bug.cgi?id=1832

            Bug ID: 1832
           Summary: Log reason for disconnection, as returned by remote
                    host
           Product: Exim
           Version: 4.86+ HEAD
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: Logging
          Assignee: nigel <at> exim.org
          Reporter: sander <at> hoentjen.eu
                CC: exim-dev <at> exim.org

Our server was on some internal blacklist, but that was a bit hard to
troubleshoot because the exim logs only showed a disconnect from the remote
host after a HELO.

Below, the real server name is replaced by <hostname>

=======================
exim log:
2016-05-17 17:04:00 H=mailin.kpnmail.nl [213.75.3.30]: Remote host closed
connection in response to HELO <hostname>
=======================

=======================

admin | 16 May 23:57 2016

[Bug 138] Use shared memory segment for queue list

https://bugs.exim.org/show_bug.cgi?id=138

Jeremy Harris <jgh146exb <at> wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.exim.org/show_
                   |                            |bug.cgi?id=1292

admin | 10 May 12:00 2016

[Bug 1831] New: speculative debugging

https://bugs.exim.org/show_bug.cgi?id=1831

            Bug ID: 1831
           Summary: speculative debugging
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: Logging
          Assignee: nigel <at> exim.org
          Reporter: jgh146exb <at> wizmail.org
                CC: exim-dev <at> exim.org

We can conditionally enable debug with an ACL control=.  It would be convenient
to be able to also discard a message's debug that was previously enabled;
this would reduce the volume of debug output to wade through when hunting an
intermittent problem.

admin | 7 May 17:29 2016

[Bug 1825] $regex1

https://bugs.exim.org/show_bug.cgi?id=1825

Jeremy Harris <jgh146exb <at> wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |REMIND
             Status|NEW                         |RESOLVED

--- Comment #2 from Jeremy Harris <jgh146exb <at> wizmail.org> ---
Closing due to lack of info

admin | 6 May 15:27 2016

[Bug 165] Avoid showing LDAP passwords in log lines for LDAP errors

https://bugs.exim.org/show_bug.cgi?id=165

--- Comment #5 from Git Commit <git <at> exim.org> ---
Git commit:
http://git.exim.org/exim.git/commitdiff/f42deca923414cedcbb6d6646afbef460f50080c

commit f42deca923414cedcbb6d6646afbef460f50080c
Author:     Jeremy Harris <jgh146exb <at> wizmail.org>
AuthorDate: Fri May 6 13:07:18 2016 +0100
Commit:     Jeremy Harris <jgh146exb <at> wizmail.org>
CommitDate: Fri May 6 13:38:56 2016 +0100

    avoid exposing passwords in log, on failing ldap lookup expansion.  bug 165
----
 doc/doc-txt/ChangeLog |  2 +-
 src/src/deliver.c     | 20 +++-----------------
 src/src/expand.c      | 23 +++++++++++++++++++++++
 src/src/functions.h   |  1 +
 src/src/rewrite.c     | 17 +----------------
 src/src/route.c       | 17 ++---------------
 6 files changed, 31 insertions(+), 49 deletions(-)

