Re: [exim-dev] Remote root vulnerability in Exim

Top Pagina
Deze boodschap maakt deel uit van devolgende draad:
M-\de volledige draad-boom gesorteerd op datum
M.MTed Cooper op <-
M\MBrad Jorsch op ->
Delete this message
Reply to this message
Auteur: Jeremy Harris
Datum:  
Aan: exim-dev
Onderwerp: Re: [exim-dev] Remote root vulnerability in Exim
On 2010-12-09 02:27, Ted Cooper wrote:
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow

Alternatively, the Debian config uses HeaderX for transmission of
generated content, and expands it deliberately. If so, it ought to
remove any HeaderX on input from the outside world.

I've not looked; could a Debian admin do so? 

Cheers,
    Jeremy


Deze boodschap werd naar devolgende mailinglijsten gestuurd:
Exim-dev
Mailing Lijst Info | Nabije Berichten		<-Re: [exim-dev] Remote root vulnerability in EximRe: [exim-dev] Remote root vulnerability in Exim->
Tahini and Hummus and Cumin Development Archives beheerd door cumin AdminsLurker (versie 2.3)