[Secure-testing-team] Bug#606612: exim4: Exploitable memory corruption vulnerability

Dominic Hargreaves dom at earth.li
Fri Dec 10 11:01:09 UTC 2010


Package: exim4
Version: 4.69-9
Severity: critical
Tags: security
Justification: root security hole

There is a discussion on exim-dev[0] relating to an incident of root-level
compromise owing to a couple of bugs. The first (the remote attack)
appears[1] to be related to a bug already fixed in mainline[2].

[0] <http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html>
[1] <http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html#exim-dev>
[2] <http://bugs.exim.org/show_bug.cgi?id=787>

I hadn't seen any response from any Debian people on this (publicly
at least) so I thought it would be worth filing this bug, to make
sure the right people are aware of the issue.

Cheers,
Dominic.




