Bugtraq mailing list archives

Re: Exim 4.66 in conjunction with spamd Overflow issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 15 May 2007 18:36:30 +0400

Dear calcite () setec org,

 spamd is a trusted service. Exim sends the whole received message to spamd.
 To configure an untrusted spamd means to give access to all your mail and
 is a vulnerability by itself.

--Sunday, May 13, 2007, 9:18:59 AM, you wrote to bugtraq () securityfocus com:


cso> EXPLOITATION:
cso> 
cso> Exploiting this bug would require social engineering and a fake spamd server. Obviously you will need to get an administrator to add your fake server to exim config.
cso> 
cso> Solution :
cso> 
cso> Run spamd locally or only add trusted spamd servers to your config ( have legitimate credentials).
cso> References----



-- 
~/ZARAZA http://securityvulns.com/


