------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=589
Summary: buffer overflow in moan_check_errorcopy()
Product: Exim
Version: 4.67
Platform: x86
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: General execution
AssignedTo: ph10@hermes.cam.ac.uk
ReportedBy: lefreak@hotbrev.com
CC: exim-dev@exim.org
i think there is buffer overflow in moan_check_errorcopy() in src/moan.c
line 614:
Ustrncpy(temp, localpart, llen);
it copies mailbox part of mailadress to char temp[256] but mailbox part can be
larger than 256 chars!!!
i dont think this is real security buffer overflow but i think youre interested
anyways
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=589
Summary: buffer overflow in moan_check_errorcopy()
Product: Exim
Version: 4.67
Platform: x86
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: General execution
AssignedTo: ph10@hermes.cam.ac.uk
ReportedBy: lefreak@hotbrev.com
CC: exim-dev@exim.org
i think there is buffer overflow in moan_check_errorcopy() in src/moan.c
line 614:
Ustrncpy(temp, localpart, llen);
it copies mailbox part of mailadress to char temp[256] but mailbox part can be
larger than 256 chars!!!
i dont think this is real security buffer overflow but i think youre interested
anyways
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##