exim <4.7 remote root exploit in the wild

katio · Dec 11, 2010

Just a quick heads up.

http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

The memory-corruption vulnerability resides in Exim 4.69 and earlier versions, and already has been used in at least one attack to completely root an enterprise server, according to this account. Security pros have sounded the alarm because the vulnerability is remotely exploitable and is already being used maliciously. What's more, attack code has also been added to the Metasploit exploitation kit, making it easy for others to reproduce the attack.
Click to expand...

and

“It depends on hitting certain buffer sizes of exactly the right length,” Woodhouse told The Register. He said the 2008 patch was never backported because “the security implications didn't occur to those who were dealing with it at the time. Obviously, someone did look at it, and saw it as an opportunity.”

The overlooked bug is a cautionary tale about the dangers of fixing security bugs and then failing to issue explicit advisories.
Click to expand...

Another reasons why I don't believe in the backporting business. Seriously, 2008?
(Read https://www.wilderssecurity.com/showthread.php?t=282823 for more)

Log in or Sign up

exim <4.7 remote root exploit in the wild

katio Guest

Log in or Sign up

exim <4.7 remote root exploit in the wild

katio Guest

Useful Searches