Bugtraq mailing list archives

Re: lil' exim format bug


From: Foldi Tamas <crow () kapu hu>
Date: 12 Jun 2001 11:45:34 +0200

Hi Bugtraqers,

All of the downloadable versions are still buggy, and I can't understand
why does it recommend the main-main-developer to paste '%s' into the
source code.

The following patch should work against this ugly format bug:

--- accept.c.orig       Tue Jun 12 11:33:01 2001
+++ accept.c    Tue Jun 12 11:33:38 2001
@@ -2503,7 +2503,7 @@
   nothing on success. The function moan_smtp_batch() does not return -
   it exits from the program with a non-zero return code. */

-  else if (smtp_reply != NULL) moan_smtp_batch(NULL, smtp_reply);
+  else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
   }

/* Reset headers so that logging of rejects for a subsequent message
doesn't
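
Review bot: At the changed call in accept.c, moan_smtp_batch(NULL, "%s", smtp_reply), the fix is only correct if the second parameter of moan_smtp_batch() is a printf-style format followed by variadic arguments; the hunk does not show the declaration, so that should be confirmed before applying. Since smtp_reply reached the format position at this call site, the remaining callers of moan_smtp_batch() deserve the same check for a non-literal second argument, and marking the declaration with a printf format attribute would let the compiler flag any that are left.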


<sarcasm>
Why, thank you for letting Philip Hazel (who is on holiday right now)
get a patched version out before announcing this to bugtraq.
</sarcasm> 

At the moment, we know of another 'ugly' bug in the exim main code, but
because of your tone it's not published. I can't understand why you
use this tone against people who audit your shitty code, which has some
errors in it.

/etc/exim.conf should have an option set: 

This is not the default name or location for the exim config file. 
lez:~$ /usr/sbin/exim -bS 

These values are defaults in most linuxes. 


and no one with sense runs an MTA as root, and the exim security
information strongly suggests you do not. 

On my relays the MTA runs as root only once at boot time to bind to 
port 25 and is not suid root. Yes, this looks like a real problem but
it should also serve as a good time to check that as little as
possible runs as root. 

On default linuxes exim is installed with setuid root. We speak about
the default install. The exim main source code has a lot of setuid() calls,
so it's developed for root usage also.

-- 
. . _ __ ______________________________________________________ __ _ . .
Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
   crow () kapu hu - PGP: finger://crow () thot banki hu - (+3630) 221-7477 
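
Added example, not part of the original message and not exim's code: the pattern the patch applies (constant format, untrusted reply passed as data), shown on a hypothetical variadic reporter with a compiler format check. report_error(), report_reply() and count_directives() are assumed names, and the reply string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic reporter like the one the patch
   calls. The attribute makes GCC/Clang type-check every caller's format. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-patch shape (comment only, never compiled):
 *     report_error(out, outlen, smtp_reply);
 * The reply text is then the format, so its '%' directives are interpreted. */

/* Patched shape: constant format, untrusted text passed as data. */
static int report_reply(char *out, size_t outlen, const char *smtp_reply)
{
    return report_error(out, outlen, "%s", smtp_reply);
}

/* Audit helper: count '%' conversion starts; "%%" is a literal percent. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    const char *reply = "550 rejected %x%x%n"; /* constructed sample */
    report_reply(buf, sizeof buf, reply);
    printf("%s (directives: %d)\n", buf, count_directives(reply));
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler warn about a caller that passes a non-literal format with no further arguments, which is the pre-patch shape.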

