Mailing List Archive

[Bug 1135] New: posible vulnerability same buffer overflow exploit
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Summary: posible vulnerability same buffer overflow exploit
Product: Exim
Version: 4.76
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: bug
Priority: high
Component: Delivery in general

i had exim 4.69 on freebsd and was hacked with buffer overflow exploit
after that i upgraded to 4.76 :

exim -bV
Exim version 4.76 #0 (FreeBSD 7.2) built 29-Jul-2011 17:54:42
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure

and today i found the same perl trojan hidden as exim4 running under mailnull

the only thing in paniclog was:
2011-08-11 17:30:42 string too large in smtp_notquit_exit()

and rejectlog has something which might be the exploit attempt

2011-08-06 13:29:02 ( []
F=<> rejected RCPT <postmaster@localhost>: relay not permitted
2011-08-06 13:29:03 SMTP protocol synchronization error (next input sent too
soon: pipelining was advertised): rejected "Header0000:
( [] next input="Header0001:

Configure bugmail:

## List details at Exim details at ##