Re: [exim] Re: [exim-dev] buffer overflow?

Author: Paul Dekkers
Date:  
To: eli-list
CC: exim-users, 'Mark Morley'
Subject: Re: [exim] Re: [exim-dev] buffer overflow?
Hi,

Eli wrote:

>I haven't read all the replies to this thread past this one, but here's a
>stab in the dark...
>
>I have a feeling Exim is just fine, and instead what you are all seeing is
>the result of a recent series of server hacks?
>

I doubt that: I'm quite sure that we're not dealing with a hacked server
here, and I just noticed the entries in my logs as well.

> A hack is e-mailing someone
>else's passwd and group files to servers and it does it by simply catting the
>file as input thus generates a sync error.
>
>Can you verify this *is* your group file you're seeing?
>

I saw several unique group-entries for this host, so I'm confident that
this is our group (unfortunately). I also found our services file. They
weren't there before the 4.50 upgrade.

2005-03-13 07:10:40 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=someone.jp [219.126...] input="# $FreeBSD: src/etc/group,v 1.19.2.3
2002/06/30 17:57:17 des Exp $\n# ... (unique entries here ;-)) ..."

I just found the remote IP in sorbs btw, so I also assume it's no
legitimate user.

Paul

P.S. This specific machine is running 4.10 as well (although being far
from EoL it will be upgraded to the 5 series in the near future...)
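
Added example, not part of the message above and not Exim code: a small scanner that picks synchronization-error entries of the kind quoted above out of an Exim main log and flags those whose input= field looks like the contents of a system file (group, passwd, services). The marker patterns, function names and sample log lines are assumptions constructed for illustration; only the RCS header in the first sample comes from the quoted entry.

```python
import re

# Exim main-log line for an SMTP synchronization error; the layout follows the
# entry quoted in the message above (one physical line in the real log).
SYNC_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP protocol violation: '
    r'synchronization error \((?P<why>[^)]*)\): rejected connection from '
    r'(?P<peer>.*?) input="(?P<input>.*)"$'
)

# Heuristics (assumptions of this example) for "this looks like a system file".
MARKERS = {
    "rcs-ident": re.compile(r'\$(?:FreeBSD|NetBSD|OpenBSD|Id|Header): \S+,v '),
    "passwd/group entry": re.compile(r'^[A-Za-z_][\w.-]*:[^:\n]*:\d+:', re.M),
    "services entry": re.compile(r'^[\w.+-]+[ \t]+\d+/(?:tcp|udp)\b', re.M),
}

def unescape(raw):
    """Turn the log's literal \\n, \\r and \\t escapes back into characters."""
    return raw.replace(r'\r', '').replace(r'\n', '\n').replace(r'\t', '\t')

def scan(lines):
    """Return (timestamp, peer, [marker names]) for each suspicious entry."""
    findings = []
    for line in lines:
        m = SYNC_RE.match(line.strip())
        if not m:
            continue  # not a synchronization-error entry
        text = unescape(m.group("input"))
        hits = [name for name, rx in MARKERS.items() if rx.search(text)]
        if hits:
            findings.append((m.group("ts"), m.group("peer"), hits))
    return findings

# Constructed sample log; hosts and addresses are documentation placeholders.
SAMPLE = [
    r'2005-03-13 07:10:40 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=host.example [192.0.2.10] input="# $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $\n#\nwheel:*:0:root\n"',
    r'2005-03-13 07:12:03 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=bulk.example [192.0.2.20] input="HELO bulk.example\r\nMAIL FROM:<a@bulk.example>\r\n"',
    r'2005-03-13 07:15:44 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=other.example [192.0.2.30] input="ftp\t21/tcp\nssh\t22/tcp\n"',
    r'2005-03-13 07:16:00 1DAbCd-0000Ab-Cd Completed',
]

if __name__ == "__main__":
    for ts, peer, hits in scan(SAMPLE):
        print(ts, peer, ", ".join(hits))
```

The second sample entry is an ordinary early-talker rejection and is deliberately not flagged; only entries whose input matches a file-content marker are reported.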