I'll bite... Has anybody reproduced Exim CVE-2019-15846, or tested a working PoC? The Qualys report seems to indicate that a trailing '\' in the SNI is all you need to trigger an OOB read. But even with an AddressSanitizer build of Exim, I've yet to see anything interesting.
You may find some answers here https://www.synacktiv.com/posts/exploit/scraps-of-notes-on-exploiting-exim-vulnerabilities.html …
Shell or GTFO ;-)
Hah at the $rax value, yeah that's done for. Well done!
I've been testing this as well. Looks like you've got the full arbitrary write-anywhere primitive from your screenshot, which mirrors the Qualys email chains in source code. Exciting, that's a great remote root exploit.