[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[lez@sch.bme.hu: Re: [SECURITY] [DSA-058-1] exim printf format attack]

Can someone update the webpages to note that it is indeed not
remotely vulnerable? 


----- Forwarded message from Megyer Laszlo <lez@sch.bme.hu> -----

From: Megyer Laszlo <lez@sch.bme.hu>
To: security@debian.org
Subject: Re: [SECURITY] [DSA-058-1] exim printf format attack
Date: Tue, 12 Jun 2001 11:21:58 +0200


On Sun, Jun 10, 2001 at 01:46:42AM +0200, Wichert Akkerman wrote:
> Package        : exim
> Problem type   : remote printf format attack
> Debian-specific: no

You are absolutely kind, but it's NOT a remote vulnerability. It's only exploitable locally with the -bS switch. (It's in batched smtp mode)

Megyer Laszlo (Lez)

Please respect the privacy of this mailing list.

To UNSUBSCRIBE, email to debian-private-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

----- End forwarded message -----

 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to: