Mail Servers have DKIM Hole

Tuesday, October 30, 2012 @ 08:10 AM gHale


There is a critical vulnerability in functions for verifying DomainKeys Identified Mail (DKIM) signatures in the widely used open source mail server Exim.

The problem appears to be a buffer overflow on the heap that an attacker can exploit with crafted DNS records to inject code that could compromise the server.

According to the Exim mailing list, versions 4.70 through 4.80 are affected if they were built with DKIM support. The developers released version 4.80.1, which fixes only this vulnerability. To avoid confusion, the next regular release will be numbered 4.81.

As a workaround, a user can disable DKIM verification through a configuration option.
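For administrators who cannot upgrade immediately, the following Exim ACL fragment is an added example of that workaround; it is not taken from the article or from the Exim project's advisory. It uses Exim's `control = dkim_disable_verify` ACL control and assumes the default configuration's RCPT ACL name, `acl_check_rcpt`; adjust the name to whatever ACL the running configuration actually uses.

```exim
# Added example: switch off DKIM verification until Exim 4.80.1 is installed.
# Assumes the default configuration's RCPT ACL name (acl_check_rcpt).
acl_check_rcpt:
  # Placed first so it takes effect before DKIM processing at DATA time.
  # "warn" with no conditions always matches, so the control applies to
  # every incoming message.
  warn
    control = dkim_disable_verify
  # ... the existing RCPT rules continue below, unchanged
```

Remove the statement again once the patched release is in place, since it also disables the legitimate DKIM checks on inbound mail.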

Just last week, Zach Harris, a Florida-based mathematician, found the DKIM key Google uses for the google.com emails was only 512 bits long and, therefore, crackable within days with the help of cloud computing.

He also found a flaw on the receiving side: receiving domains often honour DKIM keys flagged as test keys, treating the emails as verified instead of as unsigned.

US-CERT issued a warning about the issue, advising system administrators to check the length of their DKIM keys, to replace them (if needed) with 1024-bit or longer keys (particularly for long-lived keys), and to configure their systems so that testing mode is neither used nor accepted on production servers.
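The two checks US-CERT recommends, key length and testing flag, can be automated against the DKIM TXT record a domain publishes. The script below is an added example written for this article, not code from the article, US-CERT or Exim. It uses only the Python standard library: it parses the DKIM record tags, decodes the RSA public key from the `p=` value (a DER-encoded SubjectPublicKeyInfo), reads the modulus length, and flags keys shorter than 1024 bits or marked `t=y`. The records it checks are constructed inline, and their moduli are made-up numbers of the right size rather than real RSA keys, so everything runs offline; in practice the record text would come from a DNS TXT lookup of `<selector>._domainkey.<domain>`.

```python
"""Offline DKIM key-record checker (added example, stdlib only).

The DNS records used here are constructed in this file; the moduli are
made-up integers of the required bit length, not real RSA keys.
"""
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID, DER-encoded
MIN_BITS = 1024                                    # US-CERT's recommended minimum

# --- minimal DER helpers -----------------------------------------------------

def der_len(n):
    """DER length octets (short form below 128, long form above)."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:                  # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return der(0x02, body)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

# --- constructed sample records ----------------------------------------------

def build_dkim_record(bits, testing=False):
    """Constructed DKIM TXT record carrying a fake RSA modulus of `bits` bits."""
    n = (1 << (bits - 1)) | 1           # not a real modulus, only the right length
    rsa_pub = der(0x30, der_int(n) + der_int(65537))
    spki = der(0x30, der(0x30, RSA_OID + b"\x05\x00") + der(0x03, b"\x00" + rsa_pub))
    tags = ["v=DKIM1", "k=rsa"]
    if testing:
        tags.append("t=y")              # testing-mode flag (RFC 6376)
    tags.append("p=" + base64.b64encode(spki).decode())
    return "; ".join(tags)

# --- the checker -------------------------------------------------------------

def parse_dkim_record(txt):
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)       # base64 padding also uses '='
            tags[key.strip()] = "".join(value.split())
    return tags

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    _, outer, _ = read_tlv(spki)                  # SubjectPublicKeyInfo SEQUENCE
    _, alg, pos = read_tlv(outer)                 # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = read_tlv(outer, pos)           # BIT STRING wrapping RSAPublicKey
    _, rsa_pub, _ = read_tlv(bitstr[1:])          # skip the unused-bits octet
    _, modulus, _ = read_tlv(rsa_pub)             # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def assess_dkim_key(txt, min_bits=MIN_BITS):
    """Report modulus size and the findings US-CERT asked administrators to check."""
    tags = parse_dkim_record(txt)
    findings, bits = [], None
    if tags.get("p", "") == "":
        findings.append("key-revoked")            # empty p= means the key is revoked
    elif tags.get("k", "rsa") == "rsa":
        bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
        if bits < min_bits:
            findings.append("key-too-short")
    if "y" in tags.get("t", ""):                  # t=y: receivers should treat as unsigned
        findings.append("testing-mode")
    return {"bits": bits, "findings": findings}

if __name__ == "__main__":
    for label, record in (("weak", build_dkim_record(512, testing=True)),
                          ("ok", build_dkim_record(2048))):
        print(label, assess_dkim_key(record))
```

The 512-bit record with `t=y` comes back with both findings, the 2048-bit record with none, and an empty `p=` is reported as a revoked key, which is what a receiver should see for a selector that has been retired rather than left in place.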
