On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote:
> Hello Andrew,
>
> Thank you for your response. For example, Exim implements reverse lookup.
> How is malicious activity used against it?

Exim uses the vulnerable function depending on its configuration, that's why it may be possible to remotely execute code with privileges of the exim process.

> Do they need telnet or ssh access, I don't understand this obsession with ssh or telnet.

Remote code execution means that a malicious party can execute any code on the affected system.

> or by some freak of nature can exploit the vulnerability in other ways?

Considering how old one's setup should be to be affected by this issue, it is likely that such systems have other vulnerabilities, allowing an attacker to gain root privileges even if exim itself is being run as a non-root user.

Best regards,
Andrew Savchenko