Martin Nicholas <reply-2015@???> wrote:
> Presumably though a specially crafted PTR entry would have the same
> effect? That being so a much larger collection of Exim functions are
> vulnerable.
Yes, I was worried about the same thing!
Fortunately the Qualys vulnerability disclosure covers that: domain names
that come from the DNS are too short to overrun the buffer.
http://seclists.org/oss-sec/2015/q1/274
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
