Bug#818897: Exim4 change CWD string to /
Andreas Metzler
ametzler at bebt.de
Sun Mar 27 16:19:43 UTC 2016
On 2016-03-21 Roman Bulakh <bulah.roman at gmail.com> wrote:
> Package: exim4
> Version: 4.80-7+deb7u2
> After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
> on startup.
> Checking cwd=/some/vay was a popular heuristic for
> identifying the source of malware sending email.
> The output would look something like this:
> 2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon
> -i -odi -oem -oi -t -f root
> Now it looks like this:
> 2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i
> -odi -oem -oi -t -f root
[...]
Hello,
/usr/share/doc/exim4-base/changelog.Debian.gz
exim4 (4.80-7+deb7u2) wheezy-security; urgency=high
* 88_CVE-2016-1531.diff:
[...]
+ Exim changes it's working directory to / right after startup.
[...]
* 89_01_only_warn_on_nonempty_environment.diff,
89_02_Store-the-initial-working-directory.diff: Upstream followups on the
CVE fix (Thanks, Heiko Schlittermann!):
[...]
+ Store the initial working directory and make it available in the new
expansion variable $initial_cwd.
Sadly I made an error with the latter patch, but it is going to be fixed
in the next point release. See <https://bugs.debian.org/818225>, you can
already grab 4.80-7+deb7u3 directly from the mirrors.
http://ftp.at.debian.org/debian/pool/main/e/exim4/
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
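
The cwd= heuristic from the report, as an added example (not code from this thread or from Exim): it parses log lines in the shape quoted above, counts submissions per working directory, and tallies `cwd=/` entries separately, since after 4.80-7+deb7u2 those no longer identify the caller. The sample lines and the watched directory prefixes are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the shape quoted in the report (not real log data).
SAMPLE_LOG = """\
2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
2016-03-04 11:47:01 cwd=/var/www/site/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:47:02 cwd=/var/www/site/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:48:10 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
2016-03-04 11:49:00 1abcde-000001-AB <= root@example.org U=root P=local S=512
"""

# The non-greedy cwd group stops at the first " <argc> args: ", so a working
# directory containing spaces is still captured whole.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"cwd=(?P<cwd>.*?) (?P<argc>\d+) args: (?P<args>.*)$"
)


def parse(log_text):
    """Yield (timestamp, cwd, args) for each 'cwd=... N args:' line; skip others."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["cwd"], m["args"]


def summarize(log_text, watched=("/var/www", "/tmp", "/home")):
    """Count submissions per cwd.

    'watched' is an assumed list of directory prefixes worth reviewing.
    'blind' counts cwd=/ entries: once Exim changes its working directory to /
    at startup, these say nothing about where the caller ran, so a log made up
    only of cwd=/ means the heuristic is blind, not that the host is clean.
    """
    counts = Counter(cwd for _, cwd, _ in parse(log_text))
    blind = counts.pop("/", 0)
    flagged = {
        d: n for d, n in counts.items()
        if any(d == w or d.startswith(w + "/") for w in watched)
    }
    return {"by_cwd": dict(counts), "flagged": flagged, "blind": blind}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```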