A security vulnerability in Exim

rickbol

Re: A security vulnerability in Exim

#16 Post by rickbol »

My machine was rooted by this vulnerability. I'm in the process of recovering, and it isn't going well.

I've restored a backup and tried to "upgrade" (which updates to the patched exim4). Unfortunately, exim (and avahi-daemon) failed to start with the exim error being: "user mail was not found" when dpkg tries to run exim4.config. The full apt-get error sequence is:

Setting up exim4-config (4.69-9+lenny1) ...
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
exim: could not open panic log - aborting: see message(s) above
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp, not installing
/var/lib/exim4/config.autogenerated.tmp to /var/lib/exim4/config.autogenerated
dpkg: error processing exim4-config (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of exim4-base:
exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
Package exim4-config is not configured yet.
Package exim4-config-2 is not installed.
Package exim4-config which provides exim4-config-2 is not configured yet.
dpkg: error processing exim4-base (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of exim4-daemon-light:
exim4-daemon-light depends on exim4-base (>= 4.69); however:
Package exim4-base is not configured yet.
dpkg: error processing exim4-daemon-light (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of bsd-mailx:
bsd-mailx depends on exim4 | mail-transport-agent; however:
Package exim4 is not installed.
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is not configured yet.
dpkg: error processing bsd-mailx (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mailx:
mailx depends on bsd-mailx; however:
Package bsd-mailx is not configured yet.
dpkg: error processing mailx (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
exim4-config
exim4-base
exim4-daemon-light
bsd-mailx
mailx
E: Sub-process /usr/bin/dpkg returned an error code (1)

I've removed/purged exim and tried to reinstall, but get the same error. After hours reading various reports of this exim error, the only "solved" threads (from years ago) were regarding various file permission issues (at least one case regarding /etc/passwd). In my case, strace shows the following file access failures:

38733:610 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
38735:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38742:610 <... open resumed> ) = -1 EACCES (Permission denied)
38750:610 <... open resumed> ) = -1 EACCES (Permission denied)
38764:610 <... open resumed> ) = -1 EACCES (Permission denied)
38767:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38769:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38771:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38774:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38776:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38778:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38781:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38783:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38785:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38788:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38790:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38792:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38795:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38797:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)

"chmod 777 /etc/passwd" doesn't help.

Another fix was to modify line 642 of /var/lib/exim4/config.autogenerated.tmp from "user = mail" to "user = 8" (the "number" for the "mail" user?), but the thread rightly suggested that this wasn't advisable.

Anyone have any ideas about what's wrong with /etc/passwd and how to fix it?

Many thanks
rickbol

natirips
Posts: 32
Joined: 2010-06-22 10:19
Location: Solar system/~Zagreb

Re: A security vulnerability in Exim

#17 Post by natirips »

rickbol wrote: "chmod 777 /etc/passwd" doesn't help.
Never do that. That would let anyone do whatever they want with your password.

raboof
Posts: 67
Joined: 2008-08-02 10:47

Re: A security vulnerability in Exim

#18 Post by raboof »

rickbol wrote: exim (and avahi-daemon) failed to start with the exim error being: "user mail was not found" when dpkg tries to run exim4.config.
Sorry for perhaps asking the obvious, but do you have a 'mail' user? ;)

bugsbunny
Posts: 5354
Joined: 2008-07-06 17:04
Been thanked: 1 time

Re: A security vulnerability in Exim

#19 Post by bugsbunny »

To check if you have a mail user, and if it's set up correctly:

Code:

# grep mail /etc/passwd /etc/shadow
/etc/passwd:mail:x:8:8:mail:/var/mail:/bin/sh
/etc/shadow:mail:*:14576:0:99999:7:::

mildred

Re: A security vulnerability in Exim

#20 Post by mildred »

I had a similar problem.

My server had its root filesystem on an sdcard, and over time, I got many I/O errors. Today, I replaced it with a hard drive. I copied everything from the existing sdcard to the hard disk using `cp -a`. Surprisingly, most things work fine ... except avahi-daemon (and postfix). Also, I could start avahi-daemon, but using --no-drop-root.

Both get permission denied looking at world-readable files, or files they should be able to read anyway.

After looking at everything, I noticed that when I did ls -la /etc, the ".." directory had strange permissions... in fact, when I formatted the hard drive, using disk utilities, it changed ownership of the whole filesystem to my user id. My solution was to do both:

Code:

chown root:root /
chmod 755 /

Everything seems to work fine now!
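
A diagnostic for the symptom described in this thread (a daemon that has dropped root gets "Permission denied" on world-readable files), added here as an example and not posted by any participant. It walks every directory above a file and reports the one that blocks access; the function names `path_report` and `first_blocking_dir` are hypothetical, and GNU `stat` is assumed, as on Debian.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as shipped on Debian.

# path_report FILE: list owner:group, octal mode and name of every directory
# above FILE, from its parent up to "/".
path_report() {
    d=$(dirname -- "$1")
    while :; do
        stat -c '%U:%G %a %n' -- "$d" || return 2
        [ "$d" = "/" ] && break
        d=$(dirname -- "$d")
    done
}

# first_blocking_dir FILE [TOP]: print the highest directory between TOP
# (default "/") and FILE that lacks the search (x) bit for "other". A daemon
# that has dropped root and is neither owner nor group member of that
# directory gets EACCES on everything beneath it, whatever the file's own mode.
first_blocking_dir() {
    top=${2:-/}
    d=$(dirname -- "$1")
    blocked=""
    while :; do
        mode=$(stat -c '%a' -- "$d") || return 2
        # Last octal digit is the "other" class; its low bit is search.
        if [ $(( (mode % 10) & 1 )) -eq 0 ]; then
            blocked=$d
        fi
        if [ "$d" = "$top" ] || [ "$d" = "/" ]; then break; fi
        d=$(dirname -- "$d")
    done
    [ -z "$blocked" ] || printf '%s\n' "$blocked"
    return 0
}

# On a healthy system this prints nothing.
first_blocking_dir /etc/passwd
```

If a directory is reported, `path_report /etc/passwd` shows its owner and mode next to the other path components, which is where a wrongly owned `/` stands out.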
