Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th May 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,507
Default Critical hole in the Exim Mail server closed

From http://www.h-online.com/security/new...d-1239543.html

A missing format specification in a logging function of the free Mail Transfer Agent Exim has been identified by the developers as offering an attacker a chance to execute arbitrary code on the server.

The particular line of code wrote a string directly to the logfile. An attacker could exploit this by adding particular formatting instructions into the DKIM information string in an incoming email which would allow them to inject their own code and run it with the rights of the mail server. Although no exploit is known to exist, the developers believe that an experienced attacker would not find an exploit hard to construct.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Opera 11.01 closes critical hole J65nko News 0 27th January 2011 04:14 PM
Phrack hole closed in ProFTPD J65nko News 0 20th December 2010 10:29 PM
Adobe: hole closed, hole open J65nko News 0 5th November 2010 06:50 PM
Critical hole closed in Foxit Reader J65nko News 0 10th August 2010 05:51 PM
Firefox 3.6.3 closes a critical hole J65nko News 0 2nd April 2010 05:52 PM

All times are GMT. The time now is 11:01 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick