[exim-dev] [Bug 2199] Exim use-after-free vulnerability whil…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2199] Exim use-after-free vulnerability while reading mail header
https://bugs.exim.org/show_bug.cgi?id=2199

--- Comment #14 from meh <meh@???> ---
Yes, the use-after-free (UAF) vulnerability leads to remote code execution (RCE).
The original Proof-of-Concept has already proved that hackers can gain code
execution in the Exim server through this vulnerability. In the PoC, the memory
area of current_block is freed, so the content is modified by malloc.c. The
struct member `next` is changed to somewhere that should not be written, which
leads to RCE. We will publish a security advisory with more technical details
after the disclosure process is completed.

Besides, I've tested the patch and the bug is fixed.
