thr3ads.net - Secure testing team - [Secure-testing-team] Bug#606612: exim4: Exploitable memory corruption vulnerability [Dec 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2010-Dec-10 11:01 UTC

[Secure-testing-team] Bug#606612: exim4: Exploitable memory corruption vulnerability

Package: exim4
Version: 4.69-9
Severity: critical
Tags: security
Justification: root security hole

There is a discussion on exim-dev[0] relating to an incident of root-level
compromise owing to a couple of bugs. The first (the remote attack)
appears[1] to be related to a bug already fixed in mainline[2].

[0] <http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html>
[1]
<http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html#exim-dev>
[2] <http://bugs.exim.org/show_bug.cgi?id=787>

I hadn''t seen any response from any Debian people on this (publically
at least) so I thought it would be worth filing this bug, to make
sure the right people are aware of the issue.

Cheers,
Dominic.

Secure testing team - Dec 2010 - Bug#606612: exim4: Exploitable memory corruption vulnerability

[Secure-testing-team] Bug#606612: exim4: Exploitable memory corruption vulnerability