potential security hole(s) in 1.71

Page principale
Supprimer ce message
Répondre à ce message
Auteur: T. William Wells
Date:  
À: exim-users
Sujet: potential security hole(s) in 1.71
I was checking out the HELO verification code and noted two
problems:

     1) exim believes gethostbyaddr. Nonetheless, it is entirely
    possible to spoof one's reverse address records.


     2) exim copies, using strcpy, the results of gethostbyaddr,
    in at least one place. An immediate attack method is to
    create a long HELO line and a tailored DNS record to
    create overruns.


--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/