Re: [exim-dev] exim_dbmbuild buffer overflow

Author: Tom Kistner
Date:  
To: Tim Jackson
CC: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
Tim Jackson wrote:

> Although not in any remotely default configuration, it could effectively
> be in some setups, where generation of domainlists (or whatever) was
> scripted, and some of that data ultimately came from user input. I bet
> lots of people have exim_dbmbuild called in scripts one way or another.
> Sure, some input sanity checking should happen further up the chain, but
> nonetheless the problem probably should be fixed.


The bug is in handling the name of the DB file, not the data which gets
into the file. Specifying a very long file name will crash the program.

DOH :)

Granted, it IS a bug, but the whole tone of the posting smells like "I
found a major security issue, answer NOW or I'll post it on bugtraq".

/tom