Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Nov 2017 18:50:31 -0500
From: Phil Pennock <oss-security-phil@...dhuis.org>
To: oss-security@...ts.openwall.com
Subject: Re: RCE in Exim reported

On 2017-11-24 at 22:59 -0500, Phil Pennock wrote:
> In Post-Thanksgiving mail-catchup, I see that the Exim Project was
> gifted with a couple of surprises in our public bugtracker on Thursday
> morning.  Complete with proof-of-concept small Python script.
> 
> I've requested CVEs, don't have them yet.

bugs.exim.org/2199 :
  Use-after-free remote-code-execution
  CVE-2017-16943

bugs.exim.org/2201 :
  stack-exhaustion remote DoS
  CVE-2017-16944

Fix for the former has been confirmed by the reporter and is in git.

The `exim-4_89+fixes` branch used by various OS packagers for major
bug-fixes on top of the 4.89 release has the UAF fix backported.  Work
on the DoS is under way.

  https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_89+fixes

Jeremy has created a `4.next` branch with work for 4.91, which includes
re-working the API for the allocator which allowed the use-after-free to
creep in.

-Phil

Download attachment "signature.asc" of type "application/pgp-signature" (997 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ