Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: dev

[Bug 1135] New: posible vulnerability same buffer overflow exploit

 

 

exim dev RSS feed   Index | Next | Previous | View Threaded


adi at unixbased

Aug 11, 2011, 10:15 PM

Post #1 of 1 (326 views)
Permalink
[Bug 1135] New: posible vulnerability same buffer overflow exploit

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1135
Summary: posible vulnerability same buffer overflow exploit
Product: Exim
Version: 4.76
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: bug
Priority: high
Component: Delivery in general
AssignedTo: nigel [at] exim
ReportedBy: adi [at] unixbased
CC: exim-dev [at] exim


i had exim 4.69 on freebsd and was hacked with buffer overflow exploit
after that i upgraded to 4.76 :

exim -bV
Exim version 4.76 #0 (FreeBSD 7.2) built 29-Jul-2011 17:54:42
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure

and today i found the same perl trojan hidden as exim4 running under mailnull

the only thing in paniclog was:
2011-08-11 17:30:42 string too large in smtp_notquit_exit()

and rejectlog has something which might be the exploit attempt

2011-08-06 13:29:02 H=ns206479.ovh.net (welcome.com) [94.23.52.33]
F=<root [at] local> rejected RCPT <postmaster [at] localhos>: relay not permitted
2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too
soon: pipelining was advertised): rejected "Header0000:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV" H=ns206479.ovh.net
(welcome.com) [94.23.52.33] next input="Header0001:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\nHeader000"


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

exim dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.