https://bugs.exim.org/show_bug.cgi?id=1282
--- Comment #4 from Don Craig <[email protected]> ---

A couple of additional things to note:

1) As of 4.86, JH/07 changed the default rfc1413 settings to disable calls.

2) The infamous GHOST vulnerability documented by Qualys in January 2015 relied on buffer overflow problems in gethostbyname between glibc-2.2 and glibc-2.17 inclusive. I was running CentOS 5 with glibc-2.17, and so the overflow problem was present. (Qualys used exim to demonstrate how nasty the overflow problem was. The bug was fixed by glibc-2.18. See https://www.qualys.com/2015/01/27/cve-2015-0235/GHOST-CVE-2015-0235.txt for lots more information.)

Now that I'm running a more "robust" libc I should reverify this problem with 4.86 and be less trusting of glibc code in general. The host names I was using were real ones, and in theory not long enough to provoke the case described by Qualys, but the behaviour does raise suspicions.

More to come...
