[exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and ear…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Lexen <lexenluis@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|SPAM                        |---


--- Comment #1 from Lexen <lexenluis@???> ---
here is a buffer overflow in an utility function, if some pre-conditions
are met. Using a handcrafted message, remote code execution seems to be
possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known. https://emospace.net

Next steps:

* t0:     Distros will get access to our "security" non-public git repo
          (based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo


--
You are receiving this mail because:
You are on the CC list for the bug.