git://git.exim.org / users / jgh / exim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e30fa9) | patch
The "spam" ACL condition code contained a sscanf() call with a %s
authorMagnus Holmgren <holmgren@lysator.liu.se>
Mon, 14 May 2007 18:56:25 +0000 (18:56 +0000)
committerMagnus Holmgren <holmgren@lysator.liu.se>
Mon, 14 May 2007 18:56:25 +0000 (18:56 +0000)
commit0806a9c5bfe809d616ae63fa68e959a2fac2a864
treeccf3ad57110bf850a58633f06e5e136565943962tree | snapshot
parent2e30fa9d9b2353551db96aef5c770460f92e1515commit | diff
The "spam" ACL condition code contained a sscanf() call with a %s
conversion specification without a maximum field width, thereby
enabling a rogue spamd server to cause a buffer overflow. While nobody
in their right mind would setup Exim to query an untrusted spamd
server, an attacker that gains access to a server running spamd could
potentially exploit this vulnerability to run arbitrary code as the
Exim user.
doc/doc-txt/ChangeLog diff | blob | history
src/src/spam.c diff | blob | history
Jeremy Harris' staging directory