Re: [exim] CVE-2015-0235 - glibc gethostbyname remotely expl…

Author: jpff
Date:  
To: exim-users
Subject: Re: [exim] CVE-2015-0235 - glibc gethostbyname remotely exploitable via exim
I see that Debian have just released a security fix for glibc.
==John ff

On Tue, 27 Jan 2015, Tony Finch wrote:

> All I know at the moment comes from the vulnerability announcement that
> Qualys posted this afternoon. Quote:
>
> The Exim mail server is exploitable remotely if configured to perform
> extra security checks on the HELO and EHLO commands ("helo_verify_hosts"
> or "helo_try_verify_hosts" option, or "verify = helo" ACL); we developed
> a reliable and fully-functional exploit that bypasses all existing
> protections (ASLR, PIE, NX) on 32-bit and 64-bit machines.
>
> http://www.openwall.com/lists/oss-security/2015/01/27/9
>
> Tony.
> --
> <fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
> N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
> \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
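
The advisory quoted above names three Exim settings that put the HELO/EHLO name check in play. The following audit script is an added example, not part of the original thread or of Exim itself; the function names and the sample configuration are constructed, and treating an empty host list as "not enabled" is an assumption.

```python
import re

# Settings named in the quoted Qualys advisory: two main-section options
# and one ACL condition (which may follow an ACL verb and may be negated).
MAIN_OPT = re.compile(
    r'^\s*(?:hide\s+)?(helo_verify_hosts|helo_try_verify_hosts)\s*=\s*(.*)$')
ACL_COND = re.compile(
    r'^\s*(?:(?:accept|defer|deny|discard|drop|require|warn)\s+)?'
    r'!?\s*verify\s*=\s*helo\b')

def logical_lines(text):
    """Yield (first_line_no, text): comment lines dropped, backslash
    continuations joined, so a setting split over lines is seen whole."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines() + [""], 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        buf += line
        if buf:
            yield start, buf
        buf, start = "", None

def helo_checks(text):
    """Return [(line_no, setting)] for each active HELO verification."""
    findings = []
    for n, line in logical_lines(text):
        m = MAIN_OPT.match(line)
        if m and m.group(2).strip():  # assumption: empty list = not enabled
            findings.append((n, m.group(1)))
        elif ACL_COND.match(line):
            findings.append((n, "verify = helo"))
    return findings

# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
primary_hostname = mail.example.test
helo_try_verify_hosts = 192.0.2.0/24 : \\
    198.51.100.0/24
# helo_verify_hosts = *
begin acl
acl_check_helo:
  deny  !verify = helo
        message = bad HELO
"""

if __name__ == "__main__":
    for n, what in helo_checks(SAMPLE):
        print(f"line {n}: {what}")
```

A match only shows that the HELO verification described in the advisory is configured; macros and included files are not expanded by this script.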