Does Exim flaw CVE-2010-4344 affect Red Hat Enterprise Linux?

Updated -

Issue

A remote code execution flaw was found in versions of Exim mail server prior to version 4.70. This flaw allows a remote attacker to execute arbitrary commands with the permission of the exim user, which could then leverage a privilege escalation flaw in Exim (CVE-2010-4345, Red Hat Bugzilla bug 662012) to gain root privileges. This flaw has been assigned CVE-2010-4344 (Red Hat Bugzilla bug 661756).

In order to exploit this flaw, an attacker must be able to connect directly to an Exim server and issue commands.

Exim is not shipped in Red Hat Enterprise Linux 6.

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5

Resolution

This issue has been fixed in Red Hat Enterprise Linux 4 and 5, Red  Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support via the  Red Hat Security Advisory RHSA-2010:0970. Please upgrade the Exim package per RHSA-2010-0970 to obtain the fix.

Mitigation

It is possible to add a configuration file option to prevent this flaw from being exploited using the published exploit. This can be achieved by disabling logging of full message headers of rejected mail messages, which is enabled by default, by adding the following option to the the Exim configuration file (/etc/exim/exim.conf):

log_selector = -rejected_header

It is not yet known if this mitigation would block all possible exploits for this issue, and we advise affected customers to install update Exim packages as soon as possible.

Further Assistance

If you require assistance with mitigating this issue, please contact Red Hat support.