DaemonForums  

J65nko (Administrator), 12th December 2010
Exim code-execution bug, now with root access

From http://www.theregister.co.uk/2010/12...ecution_peril/

Quote:
Exim maintainers have warned of an in-the-wild attack that allowed the miscreants to execute malicious code with unfettered system privileges by exploiting a bug in older versions of the open-source mail transfer agent.

The memory-corruption vulnerability resides in Exim 4.69 and earlier versions, and already has been used in at least one attack to completely root an enterprise server, according to this account. Security pros have sounded the alarm because the vulnerability is remotely exploitable and is already being used maliciously. What's more, attack code has also been added to the Metasploit exploitation kit, making it easy for others to reproduce the attack.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump