In association with heise online

26 October 2012, 16:58

Exim mail servers susceptible to DKIM attacks


There is a critical vulnerability in the DKIM signature verification functions of the widely used open source mail server Exim. The problem appears to be a heap-based buffer overflow that can be triggered by crafted DNS records, allowing an attacker to inject code and potentially compromise the server.

According to an announcement on the Exim mailing list (alternative list archive), versions 4.70 to 4.80 are affected if they were built with DKIM support. The developers have released version 4.80.1, which specifically fixes this vulnerability. To avoid confusion, the next version will not be named 4.81.

As a workaround, DKIM verification can be disabled using the option

warn control = dkim_disable_verify

within an ACL. Phil Pennock, who wrote the announcement, apologised for releasing a patch of this type on a Friday, but could see no other viable alternative. Both Debian and Ubuntu have released packages in which the vulnerability is fixed.
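The following shell script is an added example and is not part of the article or of the Exim project. It takes the banner that `exim -bV` prints and reports whether the build falls into the affected range stated above (4.70 to 4.80 with DKIM compiled in), is at or past the fixed release 4.80.1, or is not affected because DKIM support is absent. The version and "Support for:" line formats follow what `exim -bV` prints; the sample banners below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article or the Exim project: classify an Exim
# build from the text that `exim -bV` prints. The affected range (4.70 to
# 4.80 with DKIM compiled in) and the fixed release (4.80.1) are taken from
# the advisory; the banner parsing is this script's own assumption about
# the `-bV` output format.
#
# Prints one of: affected, fixed, not-affected, unknown.
exim_dkim_status() {
    bv_output="$1"

    # First line of `exim -bV` looks like: "Exim version 4.80 #1 built ..."
    version=$(printf '%s\n' "$bv_output" \
        | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$version" ]; then
        echo "unknown"
        return 0
    fi

    major=$(printf '%s' "$version" | cut -d. -f1)
    minor=$(printf '%s' "$version" | cut -s -d. -f2)
    patch=$(printf '%s' "$version" | cut -s -d. -f3)
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0

    # A build without DKIM support has no vulnerable code path at all.
    # `exim -bV` lists compiled-in features on its "Support for:" line.
    if ! printf '%s\n' "$bv_output" | grep -Eq '^Support for:.*( |:)DKIM( |$)'; then
        echo "not-affected"
        return 0
    fi

    if [ "$major" -ne 4 ] || [ "$minor" -lt 70 ]; then
        echo "not-affected"
    elif [ "$minor" -gt 80 ] || { [ "$minor" -eq 80 ] && [ "$patch" -ge 1 ]; }; then
        echo "fixed"
    else
        echo "affected"
    fi
}

# Constructed sample banners (not captured from real servers).
SAMPLE_VULN='Exim version 4.80 #1 built 12-Mar-2012 10:00:00
Copyright (c) University of Cambridge, 1995 - 2012
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL DKIM
Configuration file is /etc/exim/exim.conf'

SAMPLE_FIXED='Exim version 4.80.1 #1 built 26-Oct-2012 12:00:00
Copyright (c) University of Cambridge, 1995 - 2012
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL DKIM
Configuration file is /etc/exim/exim.conf'

SAMPLE_NODKIM='Exim version 4.77 #1 built 01-Jan-2012 08:00:00
Copyright (c) University of Cambridge, 1995 - 2012
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL
Configuration file is /etc/exim/exim.conf'

# Check the locally installed exim, if any, then the constructed samples.
if command -v exim >/dev/null 2>&1; then
    echo "local exim: $(exim_dkim_status "$(exim -bV 2>/dev/null)")"
fi
echo "4.80 with DKIM:   $(exim_dkim_status "$SAMPLE_VULN")"
echo "4.80.1 with DKIM: $(exim_dkim_status "$SAMPLE_FIXED")"
echo "4.77 no DKIM:     $(exim_dkim_status "$SAMPLE_NODKIM")"
```

A result of "affected" means the build should be upgraded to 4.80.1 (or the distribution's fixed package) or, until that is possible, given the `control = dkim_disable_verify` line from the article in an ACL that runs before the message body is received, such as acl_smtp_connect, since Exim performs DKIM verification while receiving the message.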
