lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030817170044.75188893.ssy@niafc.de>
From: ssy at niafc.de (Matthias Wabersich)
Subject: TCP port 25 traffic?

On Sat, 16 Aug 2003 15:45:09 -0700
Josh Karp <josh.karp@...ionael.com> wrote:

> I've seen an unusual amount of connection attempts to TCP port 25 on a
> particular system in my network as of the past 48 hours or so. It's only
> this one system, and it's multiple source IP's. Is there anything new for
> SMTP? 
> 
> Thanks for any info... josh 
> 
Hello all,

first post on this list *sigh*.
German RUS-CERT of University of Stuttgart stated on Thu, 14 August that there is a flaw in Exim (Ver. 3.x and 4.x up to 4.20). Version 4.21 is not affected. In these versions it is possible to overflow a buffer using the HELO or EHLO command.

Confirming to the post the buffer can only be overwritten with constant data that is not given by the attacker. So an exploitation of this flaw is unlikely.

You can use these patches to fix up the flaw: 

http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html


If you are capable of reading german, here is the original post:

http://CERT.Uni-Stuttgart.DE/ticker/article.php?mid=1133


As stated earlier, it is unlikely that this flaw can be exploited, but one never knows. I could not confirm any odd behaviour of exim since I am using vendor-provided versions which obviously are not affected.

Greetings,

M.W.
(apologize my bad english if you find it to be so)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ