Marc Haber wrote:
> On Thu, Dec 09, 2010 at 11:29:14AM +0000, Jeremy Harris wrote:
>
>> Alternatively, the Debian config uses HeaderX for transmission of
>> generated content, and expands it deliberately.
>>
>
> We don't do such things. In fact, our configuration is amazingly like
> exim's stock config, it's only more automatic.
>
> Greetings
> Marc
>

Hi guys,
Please excuse me posting to the dev list as I'm not an Exim dev, but I believe I have a couple of vulnerable servers and wanted an expert opinion on some remedial action I've taken:

* Remounted /var with nosuid
* Added global config to limit the overall header size to 5k and individual header lines to 512 bytes, using header_maxsize and header_line_maxsize.

The first would only mitigate the current exploit, as it may be possible to create suid binaries under somewhere like /tmp instead. It was the second I'm interested in. Do you know if the bug which makes the remote execution exploit possible is triggered before or after the header size or line length is checked?

Thanks very much in advance.

Thanks,
-Oli

-- 
Oli Comber
Systems Developer
3aIT Limited - Official Corporate Sponsor of the British Bobsleigh Team
4-10 Barttelot Rd
Horsham
West Sussex
RH12 1DQ
T: +44 (0)203 - 3843932
F: +44 (0)870 116 0793

3aIT Limited is a company registered in England and Wales.
CoReg: 3866698 VATReg: 771388600
Visit www.3aIT.co.uk for Design, Systems, Support

Disclaimer: The information contained within this email is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient, any disclosure, copying or distribution of this email is prohibited and may be unlawful. The content of this email represents the views of the individual and not necessarily 3aIT Limited. 3aIT Limited reserves the right to monitor the content of all emails in accordance with lawful business practice. Whilst every effort is made to ensure that attachments are free from computer viruses before transmission, 3aIT Limited does not accept any liability in respect of any virus that is not detected. 3aIT Limited

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev
## Exim details at http://www.exim.org/
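The two mitigations Oli lists, as an added example that is not part of this thread and not Exim's own code: a POSIX shell check that confirms the nosuid mount and the two header limits are actually in effect on a host. It assumes that `exim -bP header_maxsize header_line_maxsize` prints one `name = value` line per option (with Exim's K/M suffix on integers, and 0 for header_line_maxsize meaning no per-line limit) and that the mount table is in /proc/mounts format; the sample inputs embedded below are constructed. It verifies the settings, nothing more: whether the limits are enforced before the vulnerable code path runs is the question the post puts to the developers, and a configuration check cannot answer it.

```shell
#!/bin/sh
# Added example, not from the exim-dev thread: verify the two mitigations
# Oli lists (nosuid mounts and Exim header size limits) from the text that
# /proc/mounts and `exim -bP header_maxsize header_line_maxsize` produce.
# Assumptions: exim -bP prints "name = value" with an optional K/M suffix on
# the integer, and header_line_maxsize = 0 means "no per-line limit".

# Expand an Exim integer with optional K or M suffix to plain bytes.
exim_bytes() {
    case "$1" in
        *[Kk]) echo $(( ${1%[Kk]} * 1024 )) ;;
        *[Mm]) echo $(( ${1%[Mm]} * 1048576 )) ;;
        '')    echo 0 ;;
        *)     echo "$1" ;;
    esac
}

# Take one "name = value" line from exim -bP and return the value in bytes.
exim_option_value() {
    exim_bytes "$(printf '%s\n' "$1" | sed -n 's/^[A-Za-z_]* *= *//p')"
}

# Read a mount table (/proc/mounts format) on stdin; succeed only if $1 is a
# mount point whose option list contains nosuid.
mount_has_nosuid() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "nosuid") found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Evaluate both mitigations. $1: mount table text, $2: exim -bP text,
# $3: largest acceptable header_maxsize in bytes. Prints a verdict per check
# and returns 0 only if every check passes.
check_mitigations() {
    mounts=$1; bp=$2; max_total=$3; rc=0
    # Oli's own caveat: nosuid on /var alone leaves other writable filesystems,
    # so /tmp is checked as well.
    for mp in /var /tmp; do
        if printf '%s\n' "$mounts" | mount_has_nosuid "$mp"; then
            echo "ok   $mp mounted nosuid"
        else
            echo "FAIL $mp is not a nosuid mount"; rc=1
        fi
    done
    total=$(exim_option_value "$(printf '%s\n' "$bp" | grep '^header_maxsize ')")
    line=$(exim_option_value "$(printf '%s\n' "$bp" | grep '^header_line_maxsize ')")
    if [ "$total" -gt 0 ] && [ "$total" -le "$max_total" ]; then
        echo "ok   header_maxsize = $total bytes"
    else
        echo "FAIL header_maxsize = $total bytes (wanted at most $max_total)"; rc=1
    fi
    if [ "$line" -gt 0 ]; then
        echo "ok   header_line_maxsize = $line bytes"
    else
        echo "FAIL header_line_maxsize is 0 (no per-line limit)"; rc=1
    fi
    return $rc
}

# Constructed samples: a box with Oli's settings, and an untouched one.
HARDENED_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
HARDENED_BP='header_maxsize = 5K
header_line_maxsize = 512'
STOCK_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0'
STOCK_BP='header_maxsize = 1M
header_line_maxsize = 0'

# On a real host:
#   check_mitigations "$(cat /proc/mounts)" "$(exim -bP header_maxsize header_line_maxsize)" 5120
check_mitigations "$HARDENED_MOUNTS" "$HARDENED_BP" 5120
```

The limits themselves go in the main (global) part of the Exim configuration as `header_maxsize = 5K` and `header_line_maxsize = 512`, after which `exim -bP header_maxsize header_line_maxsize` should echo them back; feeding that output and /proc/mounts to check_mitigations, as in the comment at the end of the block, gives a one-line verdict per mitigation.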
