Author: James E. Blair Date: To: Sergey Kononenko CC: exim-dev, pkg-exim4-maintainers, Paul Fisher Subject: Re: [exim-dev] Remote root vulnerability in Exim
On 12/07/2010 01:59 PM, Sergey Kononenko wrote: > Hi,
> While investigating security break in the network of my company, I've
> captured (by tcpdump) sequence of successful remote root attack through
> Exim. It was Exim from Debian Lenny (exim4-daemon-light 4.69-9).
Paul Fisher and I have successfully run the exploit against a copy of
Exim running in a debugger on debian lenny, and we believe it utilizes