oss-sec mailing list archives
Re: RCE in Exim reported
From: Phil Pennock <oss-security-phil () spodhuis org>
Date: Sat, 25 Nov 2017 18:50:31 -0500
On 2017-11-24 at 22:59 -0500, Phil Pennock wrote:
In Post-Thanksgiving mail-catchup, I see that the Exim Project was gifted with a couple of surprises in our public bugtracker on Thursday morning. Complete with proof-of-concept small Python script. I've requested CVEs, don't have them yet.
bugs.exim.org/2199 : Use-after-free remote-code-execution CVE-2017-16943
bugs.exim.org/2201 : stack-exhaustion remote DoS CVE-2017-16944

Fix for the former has been confirmed by the reporter and is in git. The `exim-4_89+fixes` branch used by various OS packagers for major bug-fixes on top of the 4.89 release has the UAF fix backported. Work on the DoS is under way.

https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_89+fixes

Jeremy has created a `4.next` branch with work for 4.91, which includes re-working the API for the allocator which allowed the use-after-free to creep in.

-Phil