Re: [exim] [hs@schlittermann.de: Re: CVE-2017-1000369 | Exim…

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-users
Temat: Re: [exim] [hs@schlittermann.de: Re: CVE-2017-1000369 | Exim 4.89+fixes]
Hi,


Cyborg <cyborg2@???> (Mi 21 Jun 2017 09:17:57 CEST):
> Am 21.06.2017 um 08:07 schrieb Heiko Schlittermann via Exim-users:
> > IF your distribution updated the packaged version of Exim 
> >    OR the underlying system

> >
> > THEN you're safe already and can stop reading.
> >
> >
>
> As the problem is not inside exim, but in the way, the os handles guard
> pages, the above assumption is WRONG!


Ok. Half wrong. If you have an updated packaged version of Exim, your
Exim can't be abused anymore as a vector. But other (suid?) programs
may.

> You need a patched kernel to be active. IF you are running a server, you
> NEED TO REBOOT your system with a new kernel.


So, to be really safe, you need an updated kernel, right.
(Which implies that you need to reboot after updating the kernel. (I
assume, that our audience knows about that :))

Thank you for pointing out that detail.

--
Heiko