[21001] in bugtraq
Re: lil' exim format bug
daemon@ATHENA.MIT.EDU (Robert van der Meulen)
Wed Jun 13 17:30:23 2001
Date: Tue, 12 Jun 2001 20:42:46 +0200
From: Robert van der Meulen <rvdm@cistron.nl>
To: Foldi Tamas <crow@kapu.hu>
Cc: bugtraq@securityfocus.com
Message-ID: <20010612204246.A11887@wiretrip.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <992339134.21746.2.camel@DarkSun>
Hi,
Quoting Foldi Tamas (crow@kapu.hu):
> All of the downloadable versions are still buggy, and I can't understand
> why does it recommend the main-main-developer to paste '%s' into the
> source code.
> The following patch should work against this ugly format bug:
<snip patch>
The Debian packages have been fixed, and an announcement has been sent.
> At the moment, we know another 'ugly' bug in the exim main code, but
> because of your tone it's not published. I can't understand, why do you
> use this tone against people, who audit your shitty code, which has some
> errors in it.
If you believe in full disclosure, and you were submitting this bug for the
security community (why else?) - why are you letting the same principles
down after getting a remark you didn't like?
> >> /etc/exim.conf should have an option set:
> >This is not the default name or location for the exim config file.
> >> lez:~$ /usr/sbin/exim -bS
> These values are defaults in most linuxes.
No. Most linuxes I encountered had this option disabled by default in
exim.conf.
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
Never trust a child farther than you can throw it.