Author: Tom Kistner
Date:
To: Tim Jackson
CC: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow

Tim Jackson wrote:
> Although not in any remotely default configuration, it could effectively
> be in some setups, where generation of domainlists (or whatever) was
> scripted, and some of that data ultimately came from user input. I bet
> lots of people have exim_dbmbuild called in scripts one way or another.
> Sure, some input sanity checking should happen further up the chain, but
> nonetheless the problem probably should be fixed.

The bug is in handling the name of the DB file, not the data which gets
into the file. Specifying a very long file name will crash the program.
DOH :)

Granted, it IS a bug, but the whole tone of the posting smells like "I
found a major security issue, answer NOW or I'll post it on bugtraq".