Bugtraq mailing list archives

Re: Exim 4.66 in conjunction with spamd Overflow issues


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 15 May 2007 18:36:30 +0400

Dear calcite () setec org,

 spamd is a trusted service. Exim sends the whole received message to spamd.
 To configure an untrusted spamd means to give access to all your mail and
 is a vulnerability by itself.

--Sunday, May 13, 2007, 9:18:59 AM, you wrote to bugtraq () securityfocus com:


cso> EXPLOITATION:
cso> 
cso> Exploiting this bug would require social engineering and a fake spamd server. Obviously you will need to get an administrator to add your fake server to exim config.
cso> 
cso> Solution :
cso> 
cso> Run spamd locally or only add trusted spamd servers to your config (have legitimate credentials).
cso> References----



-- 
~/ZARAZA http://securityvulns.com/


