Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: lil' exim format bug
From: Foldi Tamas <crow () kapu hu>
Date: 12 Jun 2001 11:45:34 +0200

Hi Bugtraqers,

All of the downloadable versions are still buggy, and I can't understand
why does it recommend the main-main-developer to paste '%s' into the
source code.

The following patch should work against this ugly format bug:

--- accept.c.orig       Tue Jun 12 11:33:01 2001
+++ accept.c    Tue Jun 12 11:33:38 2001
@@ -2503,7 +2503,7 @@
   nothing on success. The function moan_smtp_batch() does not return -
   it exits from the program with a non-zero return code. */

-  else if (smtp_reply != NULL) moan_smtp_batch(NULL, smtp_reply);
+  else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
   }

/* Reset headers so that logging of rejects for a subsequent message
doesn't


<sarcasm>
Why, thank you for letting Philip Hazel (who is on holiday right now)
get a patched version out before announcing this to bugtraq.
</sarcasm> 

At the moment, we know another 'ugly' bug in the exim main code, but
because of your tone it's not published. I can't understand, why do you
use this tone against people, who audits your shity code, which has some
errors in it.

/etc/exim.conf should have an option set: 

This is not the default name or location for the exim config file. 
lez:~$ /usr/sbin/exim -bS 

These values are defaults in most linuxes. 


and no one with sense runs an MTA as root, and the exim security
information strongly suggests you do not. 

On my relays the MTA runs as root only once at boot time to bind to 
port 25 and is not suid root. Yes, this looks like a real problem but
it should also serve as a good time to check that as little as
possible runs as root. 

On default linuxes exim is installed with setuid root. We speak about
the default install. The exim main source code has lot of setuid() call,
so it's developed for root usage also.

-- 
. . _ __ ______________________________________________________ __ _ . .
Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
   crow () kapu hu - PGP: finger://crow () thot banki hu - (+3630) 221-7477 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]