Ok, I'll bite.
How can:
log_write(0, LOG_MAIN, (char *)logmsg)
be used to arbitrarily inject code? I understand the concept, but
having % in the logmsg with no parameters to feed it seems harmless to
me.
On Tue, May 17, 2011 at 10:43 AM, MH Michael Hammer (5304)
<MHammer(_at_)ag(_dot_)com> wrote:
Thought this might be of passing interest to the list.
http://www.h-online.com/security/news/item/Critical-hole-in-the-Exim-Mail-server-closed-1239543.html
Mike
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
--
Jeff Macdonald
Ayer, MA
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops