http://bugs.exim.org/show_bug.cgi?id=1135
Summary: possible vulnerability same buffer overflow exploit
Product: Exim
Version: 4.76
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: bug
Priority: high
Component: Delivery in general
AssignedTo: nigel@???
ReportedBy: adi@???
CC: exim-dev@???
I had Exim 4.69 on FreeBSD and was hacked with a buffer overflow exploit.
After that I upgraded to 4.76:
exim -bV
Exim version 4.76 #0 (FreeBSD 7.2) built 29-Jul-2011 17:54:42
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure
And today I found the same Perl trojan hidden as exim4 running under mailnull.
The only thing in paniclog was:
2011-08-11 17:30:42 string too large in smtp_notquit_exit()
And rejectlog has something which might be the exploit attempt:
2011-08-06 13:29:02 H=ns206479.ovh.net (welcome.com) [94.23.52.33]
F=<root@???> rejected RCPT <postmaster@localhost>: relay not permitted
2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too
soon: pipelining was advertised): rejected "Header0000:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV" H=ns206479.ovh.net
(welcome.com) [94.23.52.33] next input="Header0001:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\nHeader000"
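Added example (not part of the bug report and not Exim code): a small Python triage pass over rejectlog and paniclog lines that groups the two signals quoted above, synchronization errors carrying long repeated-character input and "string too large" panic entries, by client address. The 40-character run threshold, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
RUN = re.compile(r"(\S)\1{39,}")  # assumed threshold: 40+ repeats of one character

def entries(lines):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    cur = None
    for line in lines:
        line = line.rstrip("\n")
        if TS.match(line):
            if cur is not None:
                yield cur
            cur = line
        elif cur is not None:
            cur += " " + line
    if cur is not None:
        yield cur

def triage(lines):
    """Return ({client_ip: [findings]}, [panic entries]) for reject/panic log lines."""
    hits, panics = defaultdict(list), []
    for e in entries(lines):
        m = IP.search(e)
        ip = m.group(1) if m else "unknown"
        if "SMTP protocol synchronization error" in e:
            padded = RUN.search(re.sub(r"\s+", "", e))  # ignore wrap whitespace
            hits[ip].append("sync error, padded input" if padded else "sync error")
        elif "string too large in" in e:
            panics.append(e)  # no client address is logged on this entry
        elif "rejected RCPT" in e:
            hits[ip].append("rejected RCPT")
    return dict(hits), panics

# Constructed sample modelled on the entries quoted in the report; the host
# names and 192.0.2.10 are placeholders, not values from the report.
V = "V" * 60
SAMPLE = [
    "2011-08-06 13:29:02 H=mx.example.net (helo.example) [192.0.2.10] "
    "F=<a@example.net> rejected RCPT <postmaster@localhost>: relay not permitted",
    "2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent "
    'too soon: pipelining was advertised): rejected "Header0000:',
    V + '" H=mx.example.net (helo.example) [192.0.2.10] next input="Header0001:',
    V + '"',
    "2011-08-11 17:30:42 string too large in smtp_notquit_exit()",
]
```

Panic entries are returned separately because they carry no client address; matching them to a client means comparing timestamps against the per-address findings.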