Bug#607576: exim4-config: after upgrade, /etc/exim4/exim4.conf is present and breaks exim
Andreas Metzler
ametzler at downhill.at.eu.org
Mon Dec 20 09:21:04 UTC 2010
On 2010-12-19 Andrew Pimlott <andrew at pimlott.net> wrote:
> Package: exim4-config
> Version: 4.69-9+lenny1
> Severity: important
> I have a locally-compiled exim4-daemon-custom package, along with the
> standard exim4, exim4-base, and exim4-config packages. Recently, they were
> all at 4.69-9 when 4.69-9+lenny1 hit security. aptitude prompted me to
> upgrade exim4, exim4-base, and exim4-config from 4.69-9 -> 4.69-9+lenny1,
> and I accepted--probably foolishly, since exim4-daemon-custom was still at
> 4.69-9.
[...]
> I have resolved the problem, but I can't really figure out what happened.
> The odd thing I noticed is that when things weren't working, I had an
> /etc/exim4/exim4.conf.
[...]
> So is it possible that my upgrade somehow created the exim4.conf that broke
> my configuration? I understand that getting my packages out of sync the way
> I did is probably not supported, but I would still like to get to the bottom
> of this.
[...]
Looks like your system has been hacked, since exim4-daemon-custom was
vulnerable to CVE-2010-4344. http://www.debian.org/security/2010/dsa-2131
You will probably need to re-install from backup or safe installation
media and build a exim4-daemon-custom from 4.69-9+lenny1 sources to
prevent another break in.
sorry, cu andreas
More information about the Pkg-exim4-maintainers
mailing list