Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
MSebastian Nielsen at <-
MHeiko Schlittermann at ->
Delete this message
Reply to this message
Autore: Heiko Schlittermann
Data:  
To: exim-users
Oggetto: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Sebastian Nielsen via Exim-users <exim-users@???> (Fr 06 Sep 2019 21:37:41 CEST):
> Ooo just that, forgot that...
>
> But still the question remains, how does it prevent the exploit? Doesn't the
> exploit (root command) get executed immidiately when TLS negotiation is
> done?

This is left as an exercise to the reader of src/src/string.c, where we
applied the patch.

BTW, when the TLS negotiation is done, this is done by a child of the
listener process, and this child process should have dropped its
privileges already.

--
Heiko
Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privilegesRe: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)