Re: [exim-dev] Remote root vulnerability in Exim

Author: David Woodhouse
Date:  
To: Brent Jones
CC: exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
On Fri, 2010-12-10 at 11:03 -0800, Brent Jones wrote:
> I believe Redhat ships a 4.6x version of Exim. I have a support
> contract with them if anyone believes it may be helpful to alert them
> about this issue and for them to distribute patched versions to Redhat
> customers.


Red Hat (with a space and a capital H) are aware and working on a fixed
package. They also helped with reproducing and diagnosing the exploit.

https://bugzilla.redhat.com/show_bug.cgi?id=661756 for CVE-2010-4344
https://bugzilla.redhat.com/show_bug.cgi?id=662012 for CVE-2010-4345

Fedora has Exim 4.72 and thus isn't affected.

--
dwmw2