http://bugs.exim.org/show_bug.cgi?id=1135

Summary: possible vulnerability same buffer overflow exploit
Product: Exim
Version: 4.76
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: bug
Priority: high
Component: Delivery in general
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

I had Exim 4.69 on FreeBSD and was hacked with a buffer overflow exploit. After that I upgraded to 4.76:

    exim -bV
    Exim version 4.76 #0 (FreeBSD 7.2) built 29-Jul-2011 17:54:42
    Copyright (c) University of Cambridge, 1995 - 2007
    Probably Berkeley DB version 1.8x (native mode)
    Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime
    Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
    Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    Configuration file is /usr/local/etc/exim/configure

And today I found the same Perl trojan hidden as exim4 running under mailnull.

The only thing in paniclog was:

    2011-08-11 17:30:42 string too large in smtp_notquit_exit()

And rejectlog has something which might be the exploit attempt:

    2011-08-06 13:29:02 H=ns206479.ovh.net (welcome.com) [94.23.52.33] F=<[email protected]> rejected RCPT <postmaster@localhost>: relay not permitted
    2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too soon: pipelining was advertised): rejected "Header0000: VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV" H=ns206479.ovh.net (welcome.com) [94.23.52.33] next input="Header0001: VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\nHeader000"
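A log-triage example for the two symptoms quoted in the report above, added here and not part of the original bug report or of Exim: it flags synchronization errors whose rejected "command" is a padded header-style line, and paniclog "string too large" entries. The sample lines are constructed from the report's excerpts with placeholder hosts and shortened padding; the regexes, the function names and the 16-character padding threshold are assumptions.

```python
import re

# Constructed sample, modelled on the paniclog/rejectlog excerpts in the report.
# Hosts and addresses are documentation placeholders; padding runs are shortened.
SAMPLE_LOG = r'''
2011-08-06 13:29:02 H=client.example (welcome.com) [192.0.2.33] F=<a@example.org> rejected RCPT <postmaster@localhost>: relay not permitted
2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too soon: pipelining was advertised): rejected "Header0000: VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV" H=client.example (welcome.com) [192.0.2.33] next input="Header0001: VVVVVVVVVVVVVVVVVVVVVVVV\nHeader000"
2011-08-11 17:30:42 string too large in smtp_notquit_exit()
2011-08-12 09:00:00 H=mx.example [198.51.100.7] F=<b@example.org> rejected RCPT <c@example.net>: relay not permitted
'''

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
SYNC = re.compile(TS + r'SMTP protocol synchronization error .*?: rejected "(?P<input>.*?)" '
                  r'H=.*?\[(?P<ip>[^\]]+)\]')
PANIC = re.compile(TS + r"string too large in (?P<func>\w+)\(\)")
HEADER_LIKE = re.compile(r"^[A-Za-z0-9-]+: ")  # a message header where an SMTP verb was expected
PADDING = re.compile(r"(.)\1{15,}")            # 16 or more repeats of one character (assumed threshold)


def triage(lines):
    """Return (timestamp, kind, peer, detail) tuples for lines worth a closer look."""
    findings = []
    for line in lines:
        m = SYNC.match(line)
        if m:
            data = m.group("input")
            # Ordinary pipelining mistakes are not flagged, only padded header-style input.
            if HEADER_LIKE.match(data) and PADDING.search(data):
                findings.append((m.group("ts"), "padded-header-as-command",
                                 m.group("ip"), data.split(":", 1)[0]))
            continue
        m = PANIC.match(line)
        if m:
            findings.append((m.group("ts"), "oversized-string-panic", None, m.group("func")))
    return findings


def peers(findings):
    """Distinct peer addresses in the findings, for correlation with mainlog."""
    return sorted({f[2] for f in findings if f[2]})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

A hit from either rule is a prompt to check the same time window and peer in mainlog and to look for unexpected processes running as the Exim user, not proof of compromise on its own.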
