Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Top Page

Reply to this message
Author: Heiko Schlittermann
To: exim-users
Subject: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Sebastian Nielsen via Exim-users <exim-users@???> (Fr 06 Sep 2019 21:37:41 CEST):
> Ooo just that, forgot that...
> But still the question remains, how does it prevent the exploit? Doesn't the
> exploit (root command) get executed immidiately when TLS negotiation is
> done?

This is left as an exercise to the reader of src/src/string.c, where we
applied the patch.

BTW, when the TLS negotiation is done, this is done by a child of the
listener process, and this child process should have dropped its
privileges already.