Friday, December 10, 2010

Possible Remote Root Vuln in Exim

Due to a post from Sergey Kononenko it can be possible that the current version of Exim in Debian allows an attacker to access root through a malicious mail. He contacts the exim developers through their mailing list and describes an attack which occured in his company.

This vulnerability was already reported as a bug on the debian bug tracking system.

Let's see when exploit-db and metasploit have the first exploits ;-)