[exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and ear…

Top Page
This message is part of the following thread:
M++\the complete thread tree sorted by date
MMMMadmin at <-
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Lexen <lexenluis@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|SPAM                        |---


--- Comment #1 from Lexen <lexenluis@???> ---
here is a buffer overflow in an utility function, if some pre-conditions
are met. Using a handcrafted message, remote code execution seems to be
possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known. https://emospace.net

Next steps: 

* t0:     Distros will get access to our "security" non-public git repo
          (based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo


--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo[exim-dev] [Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)