| 1 |
> > Do they need telnet or ssh access, |
| 2 |
> |
| 3 |
> I don't understand this obsession with ssh or telnet. Remote code |
| 4 |
> execution means that malicious party can execute any code on |
| 5 |
> affected system. |
| 6 |
> |
| 7 |
|
| 8 |
To elaborate, since exim is an SMTP server it will be listening on TCP/25. |
| 9 |
All the attacker needs to do is run an SMTP command that will prompt exim |
| 10 |
to perform a lookup on a very long FQDN. The first command an SMTP client |
| 11 |
issues to an SMTP server is 'HELO <some FQDN>'. Exim can be configured to |
| 12 |
check if that the FQDN is valid, as a way of trying to distinguish spammers |
| 13 |
from valid mail servers. So here we have a situation where a security |
| 14 |
control happens to make the server less secure, and we have all that's |
| 15 |
required for exploitation in a nice package. |
Archives