Re: [exim-dev] exim_dbmbuild buffer overflow

Author: Tim Jackson
Date:
To: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
Tom Kistner wrote:

> alberto barbaro wrote:
>> sh-2.05b$ echo "a" > a.txt && exim_dbmbuild a.txt `perl -e 'print"A"x5000'`
>> Segmentation fault


> (Hint: exim_dbmbuild is not installed setuid,


This does stop it being a major security issue but doesn't stop it being
a legitimate bug.

> nor is it invoked by a remote operation).


Although not in any remotely default configuration, it could effectively
be in some setups, where generation of domainlists (or whatever) was
scripted, and some of that data ultimately came from user input. I bet
lots of people have exim_dbmbuild called in scripts one way or another.
Sure, some input sanity checking should happen further up the chain, but
nonetheless the problem probably should be fixed.

Tim
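
The input sanity checking "further up the chain" mentioned in the message above could look like the following wrapper for scripts that call exim_dbmbuild with file names derived from user-influenced data. It is an added example, not part of the original thread or of Exim; the function names, the 200-byte cap and the allowed character set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: argument checks in front of exim_dbmbuild for scripted use.

# Assumption: 200 bytes is a conservative cap picked for this example; it is
# not a limit taken from the Exim source.
MAX_DBM_PATH=200

# Return 0 if "$1" is acceptable as a file-name argument, 1 otherwise.
# The body runs in a subshell so the locale change does not leak to callers.
valid_dbm_path() (
    LC_ALL=C
    p=$1
    # Reject empty names and names that could be read as options.
    case $p in
        ''|-*) return 1 ;;
    esac
    # Allow only a plain path alphabet: letters, digits, '/', '.', '_', '-'.
    case $p in
        *[!A-Za-z0-9/._-]*) return 1 ;;
    esac
    # In the C locale ${#p} is a byte count, which is what a fixed-size
    # buffer in the called program cares about.
    [ "${#p}" -le "$MAX_DBM_PATH" ] || return 1
    return 0
)

# Validate both arguments, then run exim_dbmbuild. Returns 2 on rejection.
build_dbm() {
    src=$1
    dst=$2
    if ! valid_dbm_path "$src" || ! valid_dbm_path "$dst"; then
        echo "build_dbm: rejected file name argument" >&2
        return 2
    fi
    if [ ! -f "$src" ] || [ ! -r "$src" ]; then
        echo "build_dbm: cannot read input file" >&2
        return 2
    fi
    exim_dbmbuild "$src" "$dst"
}
```

A check like this limits exposure in scripted setups; it does not replace fixing the overflow in exim_dbmbuild itself.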