Re: [exim-dev] Remote root vulnerability in Exim

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Brad Jorsch
Date:  
À: exim-dev
Sujet: Re: [exim-dev] Remote root vulnerability in Exim
On Thu, Dec 09, 2010 at 12:27:30PM +1000, Ted Cooper wrote:
>
> The real issue here is why Exim is treating the HeaderX line like
> trusted configuration data. There must be a buffer overflow but I
> haven't spotted it in the few minutes I've looked at this. I can
> probably find it without the data dump but if someone else can put some
> eyes on this too that would be great. I'm not that good at spotting
> things like this but no-one else has said anything.


I've tried to take a look, but I haven't been able to reproduce it in a
quick attempt.