Remote root vulnerability in Exim

[ Thanks to An Anonymous Reader for this link. ]

"Hi,

"While investigating security break in the network of my company, I've captured (by tcpdump) sequence of successful remote root attack through Exim. It was Exim from Debian Lenny (exim4-daemon-light 4.69-9). I didn't find email of current maintainer of Exim, so I've decided to write to this mailing lists. I don't want to publish all details of attack before developers can investigate and fix vulnerability. So I ask Exim maintainers to contact me and I will send them complete captured sequence of attack. Here I can put brief sequence of attack:"

Complete Story

Related Stories:

• Interesting kernel exploit posted(Dec 08, 2010)
• OSSIM: the Open Source Security Information Manager(Dec 01, 2010)
• A history of viruses on Linux(Nov 29, 2010)
• Red Hat warns of hole in OpenSSL(Nov 17, 2010)
• Linux vs. Windows: Suspending logic and reason for blind faith(Nov 12, 2010)
• Kernel vulnerabilities: old or new?(Oct 28, 2010)
• Past, Present and Future of Metasploit(Oct 26, 2010)