Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

EXIM MTA vulnerability

Published: 2010-12-10
Last Updated: 2010-12-10 01:04:30 UTC
by Mark Hofman (Version: 1)
4 comment(s)

We have had several reports regarding a potential issue in the EXIM Mail Transfer Agent (MTA). Thanks John, Greg, Brad & Edward. The issue relates to a privilege escalation and through a specially crafted email.  You can read the information here http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html#exim-dev 

Haven't had a chance to install EXIM and test it myself.  If you have let us know.  In the mean time you may wish to consider running it in unprivileged mode (probably good practice under any circumstances anyway).  Instructions on how to do that can be found here http://www.exim.org/exim-html-3.20/doc/html/spec_55.html

Mark H

4 comment(s)
Diary Archives