Re: potential security hole(s) in 1.71

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: T. William Wells
Dátum:  
Címzett: Philip Hazel
CC: exim-users
Tárgy: Re: potential security hole(s) in 1.71
> You are right. I should and will fix that. However, fortuitously, it is
> safe because there are over 500 bytes available, and names returned by
> the DNS are limited to 255. RFC 1034 says:


Alas, not true. You overwrite smtp_data, whose position is
controllable by the outside user. To get the overrun, make the
HELO be followed by ~500 spaces....

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/