[Remops] exim4: Exploitable memory corruption vulnerability (CVE-2010-4344)
simone at winstonsmith.info
simone at winstonsmith.info
Thu May 3 08:13:22 BST 2012
Warning, to install exim4
present the very important BUG.
exim4: Exploitable memory corruption vulnerability (CVE-2010-4344)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
Package: exim4
Version: 4.69-9
Severity: critical
Tags: security
Justification: root security hole
There is a discussion on exim-dev[0] relating to an incident of root-level
compromise owing to a couple of bugs. The first (the remote attack)
appears[1] to be related to a bug already fixed in mainline[2].
.....
http://www.exim.org/lurker/message/20101210.164935.385e04d0.en.html
---
apt-get purge exim4 doesn't delete Debian-exim4 account
Binary package hint: exim4
I was uninstalling the exim4 package using command:
apt-get purge exim4 exim4-base exim4-config exim4-daemon-light
I expected the Debian-exim account and group to be automatically
deleted, but it is not the case. Apparently there is no error message.
I am using Ubuntu 10.04.2 LTS.
continue
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/731324
Simone
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20120503/37b0a868/attachment.pgp>
More information about the Remops
mailing list