Re: [exim-dev] Remote root vulnerability in Exim

Top Page
This message is part of the following thread:
M---+-+--+\the complete thread tree sorted by date
M+\.M\M..MMDavid Woodhouse at <-
MMM\MMMM.MMStefan Fritsch at ->
Delete this message
Reply to this message
Author: James E. Blair
Date:  
To: Sergey Kononenko
CC: exim-dev, pkg-exim4-maintainers, Paul Fisher
Subject: Re: [exim-dev] Remote root vulnerability in Exim
On 12/07/2010 01:59 PM, Sergey Kononenko wrote:
> Hi,
>
> While investigating security break in the network of my company, I've
> captured (by tcpdump) sequence of successful remote root attack through
> Exim. It was Exim from Debian Lenny (exim4-daemon-light 4.69-9).

Paul Fisher and I have successfully run the exploit against a copy of
Exim running in a debugger on debian lenny, and we believe it utilizes
this bug:

http://bugs.exim.org/show_bug.cgi?id=787

It was fixed in 4.70, but not in the version currently in debian
stable.

James E. Blair
UC Berkeley

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] Remote root vulnerability in EximRe: [exim-dev] Remote root vulnerability in Exim->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)