On Tue, 2016-04-19 at 14:27 -0400, Chris Siebenmann wrote:
> > Thank you very much for your helpful summary. Currently I do not
> > understand how someone can use Exim to execute malicious Perl scripts
> > unless Exim has a facility to execute Perl scripts, for example
> > [...]
>
> There's a full-disclosure mailing list message about the bug; it
> provides details of how this is exploitable provided only that you have
> perl_startup defined in your Exim configuration:
>
> https://marc.info/?l=full-disclosure&m=145781499028909&w=2
Thank you very much. I am conservative with production systems and never
introduced the
perl_startup =
parameter in Exim's configuration files. I can now sleep peacefully at
nights :-)
Thank you.
--
Regards,
Paul.
England, EU. England's place is in the European Union.
