Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 14, 2001

  • Conectiva Linux Security Announcement - exim (2001-06-14 13:30:00)
    "Megyer Laszlo reported a format bug vulnerability in the exim package that could lead to a compromise if exim is run as root. This software is not installed by default on Conectiva Linux 6.0 and, even if installed, the default configuration is not vulnerable because it does not include the "headers_check_syntax" option in the /etc/exim.conf configuration file which is needed to trigger the bug. If, however, that option is enabled, and exim is also used to process batched SMTP input (via the -bS command-line option), then the service becomes vulnerable and a remote attack becomes possible."