[exim-dev] [Bug 1135] New: possible vulnerability same buffer…

Author: Adrian P
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1135] New: possible vulnerability same buffer overflow exploit

http://bugs.exim.org/show_bug.cgi?id=1135
           Summary: possible vulnerability same buffer overflow exploit
           Product: Exim
           Version: 4.76
          Platform: Other
        OS/Version: FreeBSD
            Status: NEW
          Severity: bug
          Priority: high
         Component: Delivery in general
        AssignedTo: nigel@???
        ReportedBy: adi@???
                CC: exim-dev@???



I had Exim 4.69 on FreeBSD and was hacked with a buffer overflow exploit.
After that I upgraded to 4.76:

exim -bV
Exim version 4.76 #0 (FreeBSD 7.2) built 29-Jul-2011 17:54:42
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure

And today I found the same Perl trojan, hidden as exim4, running under mailnull.

The only thing in paniclog was:
2011-08-11 17:30:42 string too large in smtp_notquit_exit()

And rejectlog has something which might be the exploit attempt:

2011-08-06 13:29:02 H=ns206479.ovh.net (welcome.com) [94.23.52.33]
F=<root@???> rejected RCPT <postmaster@localhost>: relay not permitted
2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too
soon: pipelining was advertised): rejected "Header0000:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV" H=ns206479.ovh.net
(welcome.com) [94.23.52.33] next input="Header0001:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\nHeader000"


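A triage sketch for rejectlog entries shaped like the one quoted in the report above (an added example, not part of the original message and not Exim code): it re-joins wrapped log lines into records and counts, per client address, the synchronization-error records whose quoted input contains a long single-character run. The sample log, the addresses from documentation ranges, and the `MIN_RUN` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

MIN_RUN = 32  # assumed threshold: shortest single-character run treated as filler
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
QUOTED = re.compile(r'(?:rejected |input=)"([^"]*)"')
FILLER = re.compile(r"(.)\1{%d,}" % (MIN_RUN - 1))
CLIENT_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

# Constructed sample modelled on the rejectlog excerpt in the report; hosts and
# addresses are placeholders from documentation ranges, not values from the page.
FILL = "V" * 64
SAMPLE = "\n".join([
    '2011-08-06 13:29:02 H=host.example (welcome.example) [192.0.2.33]',
    'F=<root@host.example> rejected RCPT <postmaster@localhost>: relay not permitted',
    '2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too',
    'soon: pipelining was advertised): rejected "Header0000:',
    FILL + '" H=host.example',
    '(welcome.example) [192.0.2.33] next input="Header0001:',
    FILL + r'\nHeader000"',
    '2011-08-06 14:00:10 SMTP protocol synchronization error (input sent without',
    r'waiting for greeting): rejected connection from H=[198.51.100.7] input="EHLO a\r\n"',
])

def records(text):
    """Re-join entries that were wrapped across lines; a timestamp starts a new one."""
    rec = []
    for line in text.splitlines():
        if STAMP.match(line) and rec:
            yield " ".join(rec)
            rec = []
        if line.strip():
            rec.append(line.strip())
    if rec:
        yield " ".join(rec)

def suspicious_sync_errors(text):
    """Map client IP -> number of sync-error records whose quoted input has a filler run."""
    hits = defaultdict(int)
    for rec in records(text):
        if "SMTP protocol synchronization error" not in rec:
            continue
        if any(FILLER.search(p) for p in QUOTED.findall(rec)):
            m = CLIENT_IP.search(rec)
            hits[m.group(1) if m else "unknown"] += 1
    return dict(hits)

if __name__ == "__main__":
    print(suspicious_sync_errors(SAMPLE))
```

A hit only marks a record for review; the timestamps of flagged records can then be compared against paniclog entries and process start times on the host.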