> > Do they need telnet or ssh access,
>
> I don't understand this obsession with ssh or telnet. Remote code
> execution means that a malicious party can execute any code on
> the affected system.
>

To elaborate, since exim is an SMTP server it will be listening on TCP/25.
All the attacker needs to do is run an SMTP command that will prompt exim
to perform a lookup on a very long FQDN. The first command an SMTP client
issues to an SMTP server is 'HELO <some FQDN>'. Exim can be configured to
check that the FQDN is valid, as a way of trying to distinguish spammers
from valid mail servers. So here we have a situation where a security
control happens to make the server less secure, and we have all that's
required for exploitation in a nice package.
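The mechanism described above is a server resolving whatever name a client hands it in HELO. The following is an added example, not code from this thread and not Exim's own HELO-verification code: a pre-lookup sanity check that applies the RFC 5321 / RFC 1035 size limits (255 octets per name, 63 per label) and a hostname-label grammar before any resolver is consulted, plus a small scanner that runs the check over a constructed SMTP session transcript. The function names, the regexes and the sample session are assumptions made for this illustration.

```python
"""Reject oversized or malformed HELO/EHLO names before any DNS lookup.

Added example, not Exim code.  The thread describes a server that looks up
the FQDN a client sends in HELO.  RFC 5321 (via RFC 1035) bounds a domain
name at 255 octets and each label at 63 octets, so a defender can refuse
anything outside those limits before a resolver ever sees it.  Function
names, regexes and the sample session below are constructed for this example.
"""
from __future__ import annotations

import re

MAX_DOMAIN_OCTETS = 255   # RFC 1035 limit on a full domain name
MAX_LABEL_OCTETS = 63     # RFC 1035 limit on a single label

# Hostname label: letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
# Address literal as permitted by RFC 5321, e.g. HELO [192.0.2.10]
ADDRESS_LITERAL_RE = re.compile(r"^\[[0-9A-Fa-f:.]+\]$")
# Client greeting line; group 2 is the argument we must vet.
HELO_LINE_RE = re.compile(r"^(HELO|EHLO)\s+(\S*)\s*$", re.IGNORECASE)


def check_helo_argument(arg: str) -> list[str]:
    """Return the reasons this argument must NOT be passed to a DNS lookup.

    An empty list means the name is syntactically sane and may be verified.
    """
    problems: list[str] = []
    if not arg:
        return ["empty HELO argument"]
    if ADDRESS_LITERAL_RE.match(arg):
        return []  # address literals are never resolved
    if len(arg) > MAX_DOMAIN_OCTETS:
        problems.append(f"domain length {len(arg)} exceeds {MAX_DOMAIN_OCTETS}")
    for label in arg.rstrip(".").split("."):
        if len(label) > MAX_LABEL_OCTETS:
            problems.append(f"label length {len(label)} exceeds {MAX_LABEL_OCTETS}")
            break
        if not LABEL_RE.match(label):
            problems.append(f"label {label[:20]!r} is not a valid hostname label")
            break
    return problems


def audit_session(transcript: str) -> list[tuple[int, str, list[str]]]:
    """Scan the client side of an SMTP session and report suspect greetings.

    Returns (line_number, argument, problems) for every HELO/EHLO whose
    argument fails check_helo_argument().  A server applying this check
    would log the line and answer '501 Syntax error' instead of resolving.
    """
    findings = []
    for lineno, line in enumerate(transcript.splitlines(), start=1):
        m = HELO_LINE_RE.match(line.strip())
        if not m:
            continue
        arg = m.group(2)
        problems = check_helo_argument(arg)
        if problems:
            findings.append((lineno, arg, problems))
    return findings


# Constructed session: a normal greeting, then two with out-of-spec names
# (one 70-octet label, one 311-octet name built from 60 short labels).
SAMPLE_SESSION = "\n".join([
    "EHLO mail.example.net",
    "MAIL FROM:<a@example.net>",
    "RSET",
    "HELO " + "a" * 70 + ".example.net",
    "HELO " + ".".join(["host"] * 60) + ".example.net",
])

if __name__ == "__main__":
    for lineno, arg, problems in audit_session(SAMPLE_SESSION):
        print(f"line {lineno}: {arg[:40]}... -> {'; '.join(problems)}")
```

The point of doing the length and grammar check first is that the verification the thread describes (is this FQDN real?) only ever reaches the resolver for names that are already within the protocol's limits, which removes "a very long FQDN" as an input to whatever lookup code sits behind it.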