1 |
On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote: |
2 |
> Hello Andrew, |
3 |
> |
4 |
> Thank you for your response. For example, Exim implements reverse lookup. |
5 |
> How is malicious activity used against it? |
6 |
|
7 |
Exim uses vulnerable function depending on its configuration, that's |
8 |
why it may be possible to remotely execute code with privileges of |
9 |
the exim process. |
10 |
|
11 |
> Do they need telnet or ssh access, |
12 |
|
13 |
I don't understand this obsession with ssh or telnet. Remote code |
14 |
execution means that malicious party can execute any code on |
15 |
affected system. |
16 |
|
17 |
> or buy some freak of nature can exploit the vulnerability in other ways? |
18 |
|
19 |
Considering how old one's setup should be to be affected to this |
20 |
issue, it is likely that such systems have another vulnerabilities, |
21 |
allowing attacker to gain root privileges even if exim itself is |
22 |
being run as a non-root user. |
23 |
|
24 |
Best regards, |
25 |
Andrew Savchenko |