[exim] someone posted an none working exploit for exim

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Cyborg
Date:  
À: Exim-users@exim.org >> \"<exim-users@exim.org>\"
Sujet: [exim] someone posted an none working exploit for exim

Hi,

someone posted an exploit on packetstorm, which should not work at all (
and does not on an actual exim )

[root@vpn ~]# nc 127.0.0.1 25
220 locahost ESMTP Exim 4.76 Fri, 07 Jun 2013 15:28:45 +0200
HELO localhost
250 localhost Hello localhost [127.0.0.1]
MAIL FROM: x`ls -la >/tmp/test`@???
501 x`ls -la >/tmp/test`@???: missing or malformed local part
(expected word or "<")


Was this a security risk ever, or did they just wanne have theire five
minutes ?

marius