Ok, I'll bite. How can:
log_write(0, LOG_MAIN, (char *)logmsg) be used to arbitrarily inject code? I understand the concept, but having % in the logmsg with no parameters to feed it seems harmless to me. On Tue, May 17, 2011 at 10:43 AM, MH Michael Hammer (5304) <[email protected]> wrote: > Thought this might be of passing interest to the list. > > > > http://www.h-online.com/security/news/item/Critical-hole-in-the-Exim-Mail-server-closed-1239543.html > > > > Mike > > > > > > _______________________________________________ > dkim-ops mailing list > [email protected] > http://mipassoc.org/mailman/listinfo/dkim-ops > > _______________________________________________ > dkim-ops mailing list > [email protected] > http://mipassoc.org/mailman/listinfo/dkim-ops > > -- Jeff Macdonald Ayer, MA _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
