Autor: Suresh Ramasubramanian Fecha: A: exim-users Asunto: [Exim] Bugtraq post on old (pre 4.21) heap overflow in Exim
Fairly old news, but still ...
> Message-ID: <20030901060034.GH6875@???>
> From: Nick Cleaton <nick@???>
> To: bugtraq@???
> Subject: exim remote heap overflow, probably not exploitable
> Date: Mon, 1 Sep 2003 07:00:34 +0100
>
>
> Exim (www.exim.org) is a message transfer agent (MTA) developed
> at the University of Cambridge for use on Unix systems connected
> to the Internet.
>
> There's a heap overflow in all versions of exim3 and exim4 prior
> to version 4.21. It can be exercised by anyone who can make an
> SMTP connection to the exim daemon.
>
> The overflow is very limited, and in my opinion it's probably not
> exploitable. However, it's possible that this will prove to be
> exploitable for arbitrary command execution on some platforms in
> some circumstances.
>
> Patches:
>
> http://www.exim.org/pipermail/exim-announce/2003q3/000094.html >
> Full details coming soon to vuln-dev.
>
> --
> Nick Cleaton
> nick@???