[exim] CVE-2015-0235 - glibc gethostbyname remotely exploita…

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: exim-users
Subject: [exim] CVE-2015-0235 - glibc gethostbyname remotely exploitable via exim
All I know at the moment comes from the vulnerability announcement that
Qualys posted this afternoon. Quote:

The Exim mail server is exploitable remotely if configured to perform
extra security checks on the HELO and EHLO commands ("helo_verify_hosts"
or "helo_try_verify_hosts" option, or "verify = helo" ACL); we developed
a reliable and fully-functional exploit that bypasses all existing
protections (ASLR, PIE, NX) on 32-bit and 64-bit machines.

http://www.openwall.com/lists/oss-security/2015/01/27/9

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}