Re: [exim-dev] Remote root vulnerability in Exim

Inizio della pagina
Questo messaggio è parte di questo thread:
M-\il thread completo ordinato per data
M.MTed Cooper at <-
M\MBrad Jorsch at ->
Delete this message
Reply to this message
Autore: Jeremy Harris
Data:  
To: exim-dev
Oggetto: Re: [exim-dev] Remote root vulnerability in Exim
On 2010-12-09 02:27, Ted Cooper wrote:
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow

Alternatively, the Debian config uses HeaderX for transmission of
generated content, and expands it deliberately. If so, it ought to
remove any HeaderX on input from the outside world.

I've not looked; could a Debian admin do so? 

Cheers,
    Jeremy


Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-dev
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [exim-dev] Remote root vulnerability in EximRe: [exim-dev] Remote root vulnerability in Exim->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)