Re: [exim-dev] Remote root vulnerability in Exim

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M-\Der komplette Thread sortiert nach Datum
M.MTed Cooper am <-
M\MBrad Jorsch am ->
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-dev
Betreff: Re: [exim-dev] Remote root vulnerability in Exim
On 2010-12-09 02:27, Ted Cooper wrote:
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow

Alternatively, the Debian config uses HeaderX for transmission of
generated content, and expands it deliberately. If so, it ought to
remove any HeaderX on input from the outside world.

I've not looked; could a Debian admin do so? 

Cheers,
    Jeremy


Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-dev
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim-dev] Remote root vulnerability in EximRe: [exim-dev] Remote root vulnerability in Exim->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)