Исходное сообщение
"Обновление Exim 4.94.2 с устранением 10 удалённо эксплуатиру..." Отправлено Аноним, 05-Май-21 05:02
Пример, CVE-2020-28017: "The name of the log file in buffer is derived from file_path, which is derived from log_file_path, a format string defined at compile time (or re-defined by the configuration file). On Debian, log_file_path is "/var/log/exim4/%slog", and "%s" is converted to "main", "reject", "panic", or "debug" at run time (line 398). An attacker with the privileges of the "exim" user can create a symlink (or a hardlink) in the log directory, append arbitrary contents to an arbitrary file (to /etc/passwd, for example), and obtain full root privileges:" Код писали, мозгами не думали - C тут не причём. // b.

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> Пример, CVE-2020-28017: > "The name of the log file in buffer is derived from file_path, > which is > derived from log_file_path, a format string defined at compile time (or > re-defined by the configuration file). On Debian, log_file_path is > "/var/log/exim4/%slog", and "%s" is converted to "main", "reject", > "panic", or "debug" at run time (line 398). > An attacker with the privileges of the "exim" user can create a > symlink > (or a hardlink) in the log directory, append arbitrary contents to an > arbitrary file (to /etc/passwd, for example), and obtain full root > privileges:" > Код писали, мозгами не думали - C тут не причём. > // b.
	Введите код, изображенный на картинке: