https://bugs.exim.org/show_bug.cgi?id=1834
Bug ID: 1834
Summary: Crash after "rejected EXPN root"
Product: Exim
Version: 4.87
Hardware: x86
OS: All
Status: NEW
Severity: security
Priority: medium
Component: General execution
Assignee: nigel@???
Reporter: exim.org@???
CC: exim-dev@???
I have these log lines in the log and exim did crash afterwards.
2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36 no host name
found for IP address 61.139.60.142
2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36
H=[61.139.60.142] rejected EXPN root
2016-05-18T02:09:36+02:00 router exim[9193]: 2016-05-18 02:09:36
H=[61.139.60.142] rejected EXPN root
The following entry from grsec is in the kernel log:
[103610.574334] grsec: From 61.139.60.142: Segmentation fault occurred at
0000000000000009 in /usr/sbin/exim[exim:9193] uid/euid:8/8 gid/egid:12/12,
parent /usr/sbin/exim[exim:2020] uid/euid:8/8 gid/egid:12/12
[103610.574511] grsec: From 61.139.60.142: bruteforce prevention initiated due
to crash of /usr/sbin/exim against uid 8, banning suid/sgid execs for 15
minutes. Please investigate the crash report for /usr/sbin/exim[exim:9193]
uid/euid:8/8 gid/egid:12/12, parent /usr/sbin/exim[exim:2020] uid/euid:8/8
gid/egid:12/12
This is with exim 4.87 and GnuTLS 3.5.0 on Gentoo
Same issue occurred a day ago.
Unfortunately I don't have any crash dump or other data at the moment.
--
You are receiving this mail because:
You are on the CC list for the bug.
