Re: lil' exim format bug

From: Foldi Tamas (crowat_private)
Date: Tue Jun 12 2001 - 02:45:34 PDT


    Hi Bugtraqers,
    
    All of the downloadable versions are still buggy, and I can't understand
    why does it recommend the main-main-developer to paste '%s' into the
    source code.
    
    The following patch should work against this ugly format bug:
    
    --- accept.c.orig       Tue Jun 12 11:33:01 2001
    +++ accept.c    Tue Jun 12 11:33:38 2001
    @@ -2503,7 +2503,7 @@
       nothing on success. The function moan_smtp_batch() does not return -
       it exits from the program with a non-zero return code. */
    
    -  else if (smtp_reply != NULL) moan_smtp_batch(NULL, smtp_reply);
    +  else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
       }
    
    /* Reset headers so that logging of rejects for a subsequent message
    doesn't
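    Review bot: the "%s" added on the + line fixes only this one call to
    moan_smtp_batch(); the patch shows no other caller, so every other call
    site that passes a reply or message string as the second argument needs
    the same check before this can be called complete. Declaring
    moan_smtp_batch() with a printf format attribute would let the compiler
    warn on any remaining non-literal format argument.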
    
    
    ><sarcasm>
    >Why, thank you for letting Philip Hazel (who is on holiday right now)
    >get a patched version out before announcing this to bugtraq.
    ></sarcasm> 
    
    At the moment, we know another 'ugly' bug in the exim main code, but
    because of your tone it's not published. I can't understand why you
    use this tone against people who audit your shitty code, which has some
    errors in it.
    
    >> /etc/exim.conf should have an option set: 
    >
    >This is not the default name or location for the exim config file. 
    >> lez:~$ /usr/sbin/exim -bS 
    
    These values are defaults in most linuxes. 
    
    
    > and no one with sense runs an MTA as root, and the exim security
    > information strongly suggests you do not. 
    >
    > On my relays the MTA runs as root only once at boot time to bind to 
    > port 25 and is not suid root. Yes, this looks like a real problem but
    > it should also serve as a good time to check that as little as
    > possible runs as root. 
    
    On default linuxes exim is installed with setuid root. We speak about
    the default install. The exim main source code has a lot of setuid() calls,
    so it's developed for root usage also.
    
    -- 
    . . _ __ ______________________________________________________ __ _ . .
    Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
       crowat_private - PGP: finger://crowat_private - (+3630) 221-7477 
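
The call-site difference the patch makes, as an added C example that is not part of the original message or of exim's source: `report()` is a hypothetical stand-in for a printf-style function like the patched callee, and the reply strings are constructed samples. It uses only `%%`, so both paths have defined behaviour, and adds a small audit helper that counts conversions in a string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporter: fmt is a format, the rest its args. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Pre-patch pattern: the reply text itself is used as the format. */
static int report_unpatched(char *out, size_t n, const char *smtp_reply)
{
    return report(out, n, smtp_reply);
}

/* Patched pattern: constant "%s" format, reply text passed as data. */
static int report_patched(char *out, size_t n, const char *smtp_reply)
{
    return report(out, n, "%s", smtp_reply);
}

/* Audit helper: count '%' conversions a printf-family call would act on
   if this string were used as a format ("%%" is a literal percent). */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *reply = "550 quota 100%% used";   /* constructed sample */
    char a[64], b[64];
    report_unpatched(a, sizeof a, reply);  /* "%%" is interpreted */
    report_patched(b, sizeof b, reply);    /* text is copied verbatim */
    printf("unpatched: %s\npatched:   %s\n", a, b);
    printf("conversions in \"550 %%s%%n\": %d\n", count_conversions("550 %s%n"));
    return 0;
}
```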
    


