[exim-dev] [Bug 1580] 【remote exec vulnerability】

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Phil Pennock
Dátum:  
Címzett: exim-dev
Tárgy: [exim-dev] [Bug 1580] 【remote exec vulnerability】
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1580




--- Comment #2 from Phil Pennock <pdp@???> 2015-01-28 18:54:16 ---
In particular, for the record so that folks know why this is being dismissed so
readily:

http://www.openwall.com/lists/oss-security/2015/01/27/9

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Also, there is an Exim-Announce mail warning of the issue and including
mitigation factors which can be applied, as exposing this vulnerability
requires turning on specific Exim configuration options, so turning them off
again will help; see:

https://lists.exim.org/lurker/message/20150127.200135.056f32f2.en.html
http://permalink.gmane.org/gmane.mail.exim.announce/162
(same post, two different archives)


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email