For those running Exim <= 4.69 (the default Debian MTA), you should be
aware there is an exploit for remote *root* code execution in the wild.
The fix is in lenny-security and in Ubuntu:
http://lists.debian.org/debian-security-announce/2010/msg00181.html
Steve Kemp has a package for any Etch users (without security support!)
still around:
http://blog.steve.org.uk/the_remote_root_hole_in_exim4_is_painful.html
Also for Red Hat-based people:
https://bugzilla.redhat.com/show_bug.cgi?id=661756
The fixes at the moment are only for the remote code execution; the
root privilege escalation (CVE-2010-4345) is being addressed separately
"soon".
--
Dominic Cleal
dominic(a)computerkb.co.uk