Date: Sat, 25 Nov 2017 18:50:31 -0500 From: Phil Pennock <oss-security-phil@...dhuis.org> To: oss-security@...ts.openwall.com Subject: Re: RCE in Exim reported On 2017-11-24 at 22:59 -0500, Phil Pennock wrote: > In Post-Thanksgiving mail-catchup, I see that the Exim Project was > gifted with a couple of surprises in our public bugtracker on Thursday > morning. Complete with proof-of-concept small Python script. > > I've requested CVEs, don't have them yet. bugs.exim.org/2199 : Use-after-free remote-code-execution CVE-2017-16943 bugs.exim.org/2201 : stack-exhaustion remote DoS CVE-2017-16944 Fix for the former has been confirmed by the reporter and is in git. The `exim-4_89+fixes` branch used by various OS packagers for major bug-fixes on top of the 4.89 release has the UAF fix backported. Work on the DoS is under way. https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_89+fixes Jeremy has created a `4.next` branch with work for 4.91, which includes re-working the API for the allocator which allowed the use-after-free to creep in. -Phil Download attachment "signature.asc" of type "application/pgp-signature" (997 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.