Date: Sat, 25 Nov 2017 18:50:31 -0500 From: Phil Pennock <oss-security-phil@...dhuis.org> To: oss-security@...ts.openwall.com Subject: Re: RCE in Exim reported On 2017-11-24 at 22:59 -0500, Phil Pennock wrote: > In Post-Thanksgiving mail-catchup, I see that the Exim Project was > gifted with a couple of surprises in our public bugtracker on Thursday > morning. Complete with proof-of-concept small Python script. > > I've requested CVEs, don't have them yet. bugs.exim.org/2199 : Use-after-free remote-code-execution CVE-2017-16943 bugs.exim.org/2201 : stack-exhaustion remote DoS CVE-2017-16944 Fix for the former has been confirmed by the reporter and is in git. The `exim-4_89+fixes` branch used by various OS packagers for major bug-fixes on top of the 4.89 release has the UAF fix backported. Work on the DoS is under way. https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_89+fixes Jeremy has created a `4.next` branch with work for 4.91, which includes re-working the API for the allocator which allowed the use-after-free to creep in. -Phil Download attachment "signature.asc" of type "application/pgp-signature" (997 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.