Re: [exim-dev] exim_dbmbuild buffer overflow

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Tim Jackson
Datum:  
To: exim-dev
Betreff: Re: [exim-dev] exim_dbmbuild buffer overflow
Tom Kistner wrote:

> alberto barbaro wrote:
>> sh-2.05b$ echo "a" > a.txt && exim_dbmbuild a.txt `perl -e 'print"A"x5000'`
>> Segmentation fault


> (Hint: exim_dbmbuild is not installed setuid,


This does stop it being a major security issue but doesn't stop it being
a legitimate bug.

> nor is it invoked by a remote operation).


Although not in any remotely default configuration, it could effectively
be in some setups, where generation of domainlists (or whatever) was
scripted, and some of that data ultimately came from user input. I bet
lots of people have exim_dbmbuild called in scripts one way or another.
Sure, some input sanity checking should happen further up the chain, but
nonetheless the problem probably should be fixed.

Tim