oss-sec mailing list archives
Re: RCE in Exim reported
From: Leo Famulari <leo () famulari name>
Date: Sun, 26 Nov 2017 15:37:49 -0500
On Sat, Nov 25, 2017 at 06:50:31PM -0500, Phil Pennock wrote:
> bugs.exim.org/2199 : Use-after-free remote-code-execution CVE-2017-16943
> bugs.exim.org/2201 : stack-exhaustion remote DoS CVE-2017-16944
>
> Fix for the former has been confirmed by the reporter and is in git.
> The `exim-4_89+fixes` branch used by various OS packagers for major
> bug-fixes on top of the 4.89 release has the UAF fix backported.
> Work on the DoS is under way.
>
> https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_89+fixes

FYI, clicking on the commits from this page just gives the error message:

400 - Invalid hash parameter

But the commit in question can be viewed here:

https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
Current thread:
- RCE in Exim reported Phil Pennock (Nov 24)
- Re: RCE in Exim reported Phil Pennock (Nov 24)
- Re: RCE in Exim reported Phil Pennock (Nov 25)
- Re: RCE in Exim reported Leo Famulari (Nov 26)
- Re: RCE in Exim reported Heiko Schlittermann (Nov 26)
- Re: RCE in Exim reported Leo Famulari (Nov 26)
- CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported) Heiko Schlittermann (Nov 28)