Martin Nicholas <[email protected]> wrote: > Presumably though a specially crafted PTR entry would have the same > effect? That being so a much larger collection of Exim functions are > vulnerable.
Yes, I was worried about the same thing! Fortunately the Qualys vulnerability disclosure covers that: domain names that come from the DNS are too short to overrun the buffer. http://seclists.org/oss-sec/2015/q1/274 Tony. -- <[email protected]> <[email protected]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
