oss-sec mailing list archives
CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported)
From: Heiko Schlittermann <hs () schlittermann de>
Date: Tue, 28 Nov 2017 22:43:59 +0100
Phil Pennock <oss-security-phil () spodhuis org> (Sa 25 Nov 2017 04:59:12 CET):
> In Post-Thanksgiving mail-catchup, I see that the Exim Project was gifted with a couple of surprises in our public bugtracker on Thursday morning. Complete with proof-of-concept small Python script. I've requested CVEs, don't have them yet.
>
> My mail to our announce list:
> https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
> …
> Public bugtracker links:
> https://bugs.exim.org/show_bug.cgi?id=2199
> https://bugs.exim.org/show_bug.cgi?id=2201

Both issues are fixed now.

CVE-2017-16943 (RCE) Exim Bug 2199
    master: 4e6ae6235c68de243b1c2419027472d7659aa2b4
    exim-4_89+fixes: 4090d62a4b25782129cc1643596dc2f6e8f63bde
    Fix done by Jeremy Harrys

CVE-2017-16944 (DoS) Exim Bug 2201
    master: 178ecb70987f024f0e775d87c2f8b2cf587dd542
    exim-4_89+fixes: 4804c62909a62a3ac12ec4777ebd48c541028965
    Fix done by me.

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -