On 2017-05-09, Andrew C Aitchison wrote:
> On Tue, 9 May 2017, ad...@bugs.exim.org wrote:
>
>> https://bugs.exim.org/show_bug.cgi?id=2118
>>
>> Jasen Betts changed:
>>
>> What|Removed |Added
>>
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #9 from Sandor Takacs ---
(In reply to Phil Pennock from comment #8)
> A stance and a code change by Exim.
>
> (1) This is not a vulnerability in Exim. Exim trusts the local user to be
> allowed access to their own
https://bugs.exim.org/show_bug.cgi?id=2118
Phil Pennock changed:
What|Removed |Added
CC||p...@exim.org
https://bugs.exim.org/show_bug.cgi?id=2118
Phil Pennock changed:
What|Removed |Added
Priority|critical|medium
--
You are receiving this
https://bugs.exim.org/show_bug.cgi?id=2118
Phil Pennock changed:
What|Removed |Added
Assignee|ni...@exim.org |p...@exim.org
On Tue, 9 May 2017, ad...@bugs.exim.org wrote:
https://bugs.exim.org/show_bug.cgi?id=2118
Jasen Betts changed:
What|Removed |Added
CC|
https://bugs.exim.org/show_bug.cgi?id=2118
Jasen Betts changed:
What|Removed |Added
CC||ja...@treshna.com
--- Comment
Viktor Dukhovni (Sa 06 Mai 2017 01:33:17 CEST):
>
> One workaround would be to only process "-be" when invoked as "exim", ...
> and not when the last path component argv[0] is "sendmail".
I'm working on a "sendmail" to be shipped with Exim, replacing
the current
> On May 7, 2017, at 3:08 PM, ad...@bugs.exim.org wrote:
>
> Maybe it would be possible to avoid accepting further command line arguments
> after “-f”, but that doesn't seem sufficiently backwards-compatible.
No, but behaving like a minimal sendmail(1)-compatible CLI when argv[0]
ends in
https://bugs.exim.org/show_bug.cgi?id=2118
Florian Weimer changed:
What|Removed |Added
CC||f...@deneb.enyo.de
---
> On May 5, 2017, at 5:41 PM, Andrew C Aitchison wrote:
>
> On Fri, 5 May 2017, ad...@bugs.exim.org wrote:
>
>> https://bugs.exim.org/show_bug.cgi?id=2118
>>
>> --- Comment #5 from Heiko Schlittermann ---
>> (In reply to Sandor Takacs from
On Fri, 5 May 2017, ad...@bugs.exim.org wrote:
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #5 from Heiko Schlittermann ---
(In reply to Sandor Takacs from comment #0)
I found this WordPress + Exim remote code execution exploit on exploit-db
site. It uses
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #5 from Heiko Schlittermann ---
(In reply to Sandor Takacs from comment #0)
> I found this WordPress + Exim remote code execution exploit on exploit-db
> site. It uses "exim -be '${run...}'" to place payload on the
https://bugs.exim.org/show_bug.cgi?id=2118
Heiko Schlittermann changed:
What|Removed |Added
CC|
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #3 from Jeremy Harris ---
You've created a file. In a place you're allowed to create files.
Where's the remote shell? What attacked site?
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #2 from Sandor Takacs ---
If you run this as www-data you can create a remote shell to the attacked site
as the linked PoC says. I tried it in my FreeBSD box:
[r...@alkoholista.hu ~]# ls -l /tmp/test
ls: /tmp/test: No
https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #1 from Jeremy Harris ---
Please explain why this is a problem?
If you can run commands you can do stuff, yes. Just like being able to run,
say, "dd". What you can write still depends on who you are and what
https://bugs.exim.org/show_bug.cgi?id=2118
Sandor Takacs changed:
What|Removed |Added
CC||t...@alkoholista.hu
18 matches