Author: Michael Scott Shappe
Date:
To: exim-users
Subject: Re: [Exim] HELO overflow?

> It is true that it then goes on to read more input, but I don't see how
> that can produce a vulnerability. In any case, after too many
> unrecognized commands it will close the connection.

*Nod* OK. I suspect that Nessus is interpreting this disconnection as a
crash, then. Nessus probably figures it should continue to get responses as
long as it continues to send input, even if that input is nonsense.

Of course, it's not clear to me how Nessus could distinguish between the two
conditions, unless Exim sends some standard code to say goodbye before
disconnecting.

Thank you for calming my nerves :-) I just switched to exim in large part
because I'd heard such good reports of its security and reliability...