Re: [exim-dev] Remote root vulnerability in Exim

著者: Jeremy Harris
日付:
To: exim-dev
題目: Re: [exim-dev] Remote root vulnerability in Exim

On 2010-12-09 02:27, Ted Cooper wrote:
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow

Alternatively, the Debian config uses HeaderX for transmission of
generated content, and expands it deliberately. If so, it ought to
remove any HeaderX on input from the outside world.

I've not looked; could a Debian admin do so?

Cheers,
    Jeremy

このメッセージは次のスレッドの一部です:
	日付によるスレッドの仕分け
	Ted Cooper 、
	Brad Jorsch 、