Author: Peter Bowyer
Date:
To: Exim Users Mailing List
Subject: [exim] Re: [exim-dev] buffer overflow?
On Sat, 12 Mar 2005 13:05:26 +0000, Subhi S Hashwa <lists@???> wrote:
> Hello exim-dev,
>
> I am not a programmer, so I could be talking out of my backside
> here, going through my logfiles, I notice my /etc/group and
> /etc/services in the logfile as rejected input.
> A stripped version of the log entry is attached.
>
> Asking a few people for advice, they suggested it could be a buffer
> overflow exploit, since I am using Exim 4.50 I thought you guys
> might be interested in having a look.
>
> OS: FreeBSD 4.10-RELEASE-p2
>
> So, what happened there? Any suggestions and ideas are welcome.

What led you to consider it might be a buffer overflow in Exim?
Looks more like your machine was already compromised, and the rootkit
was busy trying to email your group and passwd files to somewhere -
fortunately for you, the script doing the mailing wasn't written to
speak properly synchronised SMTP, and Exim is clever enough to stop it
in its tracks.

Or something....

Peter
--
Peter Bowyer
Email: peter@???
Tel: +44 1296 768003
VoIP: sip:peter@???
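
The situation described in the reply above, as an added example that is not part of the original thread: a Python scan of Exim main-log lines for synchronization-error rejections whose echoed input looks like /etc/group, /etc/passwd or /etc/services content. The log lines are constructed samples, and because the exact wording of Exim's message varies by version, matching on `synchronization error` and `input="..."` is an assumption to check against your own logs.

```python
import re

# Assumed shape of an Exim sync-error entry: "... synchronization error (reason)
# ... H=<host> [ip] ... input="<escaped data>"". Wording differs between versions.
SYNC_RE = re.compile(
    r'synchronization error \((?P<reason>[^)]*)\).*?'
    r'H=[^\[]*\[(?P<host>[^\]]+)\].*?input="(?P<input>.*)"\s*$'
)

# Heuristics for lines that look like local system files rather than SMTP commands.
PATTERNS = {
    "group": re.compile(r'^[\w.-]+:[^:]*:\d+:[^:]*$'),                    # name:pw:gid:members
    "passwd": re.compile(r'^[\w.-]+:[^:]*:\d+:\d+:(?:[^:]*:){2,5}[^:]*$'),  # 7 to 10 fields
    "services": re.compile(r'^[\w.+-]+\s+\d+/(?:tcp|udp)\b'),             # name port/proto
}

def unescape(text):
    """Undo the \\r, \\n, \\t escapes used when the input is printed in the log.
    Simplification: other escapes are left as they are."""
    return text.replace(r'\r', '').replace(r'\n', '\n').replace(r'\t', '\t')

def scan(log_lines):
    """Return [(host, [kinds])] for sync-error entries whose input resembles system files."""
    findings = []
    for line in log_lines:
        m = SYNC_RE.search(line)
        if not m:
            continue
        kinds = set()
        for part in unescape(m.group("input")).splitlines():
            for kind, rx in PATTERNS.items():
                if rx.match(part.strip()):
                    kinds.add(kind)
        if kinds:
            findings.append((m.group("host"), sorted(kinds)))
    return findings

# Constructed sample log lines (not taken from the poster's attachment).
SAMPLE_LOG = [
    r'2005-03-12 12:01:07 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10] input="wheel:*:0:root\ndaemon:*:1:daemon\n"',
    r'2005-03-12 12:01:09 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=localhost [127.0.0.1] input="ftp\t\t21/tcp\nssh\t\t22/tcp\n"',
    r'2005-03-12 12:02:00 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[198.51.100.7] input="HELO example.test\r\nMAIL FROM:<a@example.test>\r\n"',
    r'2005-03-12 12:03:00 1DA2bc-0001Xy-00 <= user@example.test H=[203.0.113.5] P=esmtp S=1234',
]

if __name__ == "__main__":
    for host, kinds in scan(SAMPLE_LOG):
        print(f"{host}: rejected input resembles {', '.join(kinds)}")
```

A hit whose connecting host is the machine itself or another internal system is the case worth following up first, since it suggests a local process is pushing file contents at the SMTP port.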