Improper assertion of DKIM-Milter may cause crash
Written by Rebecca Mints   
Friday, 13 March 2009 01:49

Debian Security has recently discovered a new vulnerability in DKIM-Milter, an implementation of the DomainKeys Identified Mail (DKIM) protocol used on Linux, that can cause a crash.

According to a security advisory released last week by Debian, a flaw in DKIM-Milter triggers an improper assertion while it performs DKIM verification.

During DKIM verification, DKIM-Milter may encounter a revoked public key record in the Domain Name System (DNS). Attackers usually create such public key records with the intent of punching a hole in the system and making it vulnerable to threats.
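The failure mode described above, handled as an ordinary result instead of an assertion. This is an added example, not dkim-milter's code and not taken from the Debian advisory. It assumes the DKIM specification's rule (RFC 6376, section 3.6.1) that an empty `p=` tag marks a revoked key; the function name `classify_dkim_key` and the sample records are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Outcome of inspecting a DKIM key record; no outcome aborts the process. */
enum key_status { KEY_OK, KEY_REVOKED, KEY_MALFORMED };

/* Classify a DKIM key TXT record by its "p=" tag (hypothetical helper).
 * An empty p= value means the key has been revoked (RFC 6376, 3.6.1). */
enum key_status classify_dkim_key(const char *txt) {
    if (txt == NULL) return KEY_MALFORMED;
    const char *s = txt;
    while (*s) {
        while (*s == ' ' || *s == '\t') s++;          /* leading whitespace */
        const char *end = strchr(s, ';');             /* end of this tag */
        if (end == NULL) end = s + strlen(s);
        const char *eq = memchr(s, '=', (size_t)(end - s));
        const char *name_end = eq;                    /* trim space before '=' */
        while (eq && name_end > s && (name_end[-1] == ' ' || name_end[-1] == '\t'))
            name_end--;
        if (eq != NULL && name_end - s == 1 && *s == 'p') {
            size_t n = 0;                             /* base64 chars seen */
            for (const char *v = eq + 1; v < end; v++) {
                if (*v == ' ' || *v == '\t') continue;
                if (!isalnum((unsigned char)*v) && *v != '+' && *v != '/' && *v != '=')
                    return KEY_MALFORMED;             /* not base64: reject */
                n++;
            }
            return n == 0 ? KEY_REVOKED : KEY_OK;     /* empty p= is revoked */
        }
        s = (*end == ';') ? end + 1 : end;            /* next tag */
    }
    return KEY_MALFORMED;                             /* no p= tag at all */
}

int main(void) {
    /* Constructed sample records, not taken from any real domain. */
    const char *samples[] = { "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEB",
                              "v=DKIM1; k=rsa; p=", "v=DKIM1; k=rsa", "v=DKIM1; p=@@@" };
    static const char *names[] = { "ok", "revoked", "malformed" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-42s -> %s\n", samples[i], names[classify_dkim_key(samples[i])]);
    return 0;
}
```

A verifier built this way reports a revoked or malformed key as a failed verification for that one message and keeps running.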

Debian said that the old stable distribution (etch) does not include dkim-milter packages. For the stable distribution, a fix has been included in version 2.6.0.dfsg.

Users are advised to upgrade their dkim-milter packages to patch the vulnerability. For users of the apt-get package manager, a sources.list entry is available for installing the updated version of the package. There is also an automated update available on the Debian website.


