Author: Oli
To: exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
Marc Haber wrote:
> On Thu, Dec 09, 2010 at 11:29:14AM +0000, Jeremy Harris wrote:
>> Alternatively, the Debian config uses HeaderX for transmission of
>> generated content, and expands it deliberately.
> We don't do such things. In fact, our configuration is amazingly like
> exim's stock config, it's only more automatic.
Hi guys,
Please excuse me posting to the dev list as I'm not an Exim dev, but I
believe I have a couple of vulnerable servers and wanted an expert
opinion on some remedial action I've taken:
* Remounted /var with nosuid
* Added global config to limit the overall header size to 5k and
individual header lines to 512 bytes, using header_maxsize and
The first would only mitigate the current exploit, as it may be possible
to create suid binaries under somewhere like /tmp instead.
It was the second I'm interested in. Do you know if the bug which makes
the remote execution exploit possible is triggered before or after the
header size or line length is checked?
Thanks very much in advance.
3aIT Limited - Official Corporate Sponsor of the British Bobsleigh Team
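The two remedial steps Oli lists above (a nosuid mount for /var and a header_maxsize limit in the Exim main configuration) are both things an administrator can verify from the host itself. The following POSIX shell script is an added example, not code from the thread or from the Exim project: it parses /proc/mounts to confirm the nosuid option on a given mount point and reads the header_maxsize value from an Exim configuration, converting Exim's K/M integer suffixes to bytes. The mounts listing and configuration excerpt embedded below are constructed sample data so the script runs offline; point the functions at the real files by omitting the second argument. Only header_maxsize is checked because the name of the second option is cut off in the post.

```shell
#!/bin/sh
# Added example: sanity-check the nosuid mount and the Exim header_maxsize limit.
# SAMPLE_MOUNTS and SAMPLE_EXIM_CONF are constructed stand-ins for /proc/mounts
# and the Exim main configuration; real hosts will differ.

SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nodev,relatime 0 0'

SAMPLE_EXIM_CONF='# constructed excerpt of an Exim main configuration
primary_hostname = mail.example.invalid
header_maxsize = 5K
begin acl'

# to_bytes VALUE: expand Exim integer suffixes (K, M) into a plain byte count.
to_bytes() {
    case $1 in
        *[Kk]) echo $(( ${1%[Kk]} * 1024 )) ;;
        *[Mm]) echo $(( ${1%[Mm]} * 1024 * 1024 )) ;;
        *) echo "$1" ;;
    esac
}

# mount_has_nosuid MOUNTPOINT [MOUNTS_TEXT]
# Prints "yes" or "no" for the nosuid option, or "absent" if the mount point
# is not listed. Without MOUNTS_TEXT the live /proc/mounts is read.
mount_has_nosuid() {
    mp=$1
    mounts=${2:-$(cat /proc/mounts)}
    # Field 2 is the mount point, field 4 the comma-separated option list.
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print $4 }' | tail -n 1)
    if [ -z "$opts" ]; then
        echo absent
        return 0
    fi
    case ",$opts," in
        *,nosuid,*) echo yes ;;
        *) echo no ;;
    esac
}

# exim_header_maxsize [CONFIG_TEXT]
# Prints the configured header_maxsize in bytes, or "unset" if the option
# does not appear. Without CONFIG_TEXT /etc/exim4/exim4.conf is read
# (assumed Debian path; adjust for other layouts).
exim_header_maxsize() {
    conf=${1:-$(cat /etc/exim4/exim4.conf 2>/dev/null)}
    val=$(printf '%s\n' "$conf" \
        | sed -n 's/^[[:space:]]*header_maxsize[[:space:]]*=[[:space:]]*//p' \
        | tail -n 1 | tr -d '[:space:]')
    if [ -z "$val" ]; then
        echo unset
    else
        to_bytes "$val"
    fi
}

# Report on the constructed samples; replace the second arguments with
# nothing to inspect the running host instead.
printf '/var nosuid: %s\n' "$(mount_has_nosuid /var "$SAMPLE_MOUNTS")"
printf '/tmp nosuid: %s\n' "$(mount_has_nosuid /tmp "$SAMPLE_MOUNTS")"
printf 'header_maxsize (bytes): %s\n' "$(exim_header_maxsize "$SAMPLE_EXIM_CONF")"
```

Note that, as Oli already observes, a nosuid /var only closes one path: the check for /tmp in the report above is there precisely because a writable mount without nosuid elsewhere leaves the same door open.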