https://bugs.exim.org/show_bug.cgi?id=1282
--- Comment #4 from Don Craig <dmc@???> ---
A couple of additional things to note:
1) as of 4.86 JH/07 changed the default rfc1413 settings to disable calls.
2) The infamous GHOST vulnerability documented by Qualys in January 2015
relied on buffer overflow problems in gethostbyname between glibc-2.2
glibc-2.17 inclusive. I was running Centos 5 with glibc-2.17, and so the
overflow problem was present. (Qualys used exim to demonstrate how
nasty the overflow problem was. The bug was fixed by glibc-2.18. See
https://www.qualys.com/2015/01/27/cve-2015-0235/GHOST-CVE-2015-0235.txt
for lots more information.)
Now that I'm running a more "robust" libc I should reverify this problem with
4.86 and be less trusting of glibc code in general. The host names I was using
were real ones, and in theory not long enough to provoke the case described by
Qualys, but the behaviour does raise suspicions. More to come...
--
You are receiving this mail because:
You are on the CC list for the bug.
