Re: [exim-dev] Remote root vulnerability in Exim

Author: Brad Jorsch
To: exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
On Thu, Dec 09, 2010 at 12:27:30PM +1000, Ted Cooper wrote:
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow but I
> haven't spotted it in the few minutes I've looked at this. I can
> probably find it without the data dump but if someone else can put some
> eyes on this too that would be great. I'm not that good at spotting
> things like this but no-one else has said anything.

I've tried to take a look, but I haven't been able to reproduce it in a
quick attempt.