Re: [exim-dev] Remote root vulnerability in Exim

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M-\Brad Jorsch at <-
M\MGraeme Fowler at ->
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
On 10/12/10 00:20, Brad Jorsch wrote:
> I've tried to take a look, but I haven't been able to reproduce it in a
> quick attempt.

My attempt to hunt it down without the dump ended up being quite
fruitless, except for finding where the headers are read in and the
memory allocated for them. After grabbing the dump off Sergey I
discovered I was thinking far too small with the amount of data that was
being sent.

I'm in the process of attempting to write something to reproduce the
result but I have a feeling it's going to be based on a very exact
amount of data being sent which is very dependant on the system exim is
running on.

Is anyone else working on this in the background?

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] Remote root vulnerability in EximRe: [exim-dev] Remote root vulnerability in Exim->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)