A new exim vulnerability was reported May 6th, 2004. Here is a link to one of the advisories I came across:
Exim Buffer Overflow Vulnerabilities
Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
Sender Verification (reported to affect 3.35)
Temporary Work Around
It appears there is only an issue with this vulnerability if exim is setup with "sender_verify = true" in the exim.conf file. A temporary work around is to disable this confugration directive and restart exim.
Fix
Update to a newer version of exim.
Header Syntax Checking (reported to affect 3.35, and 4.32)
Temporary Work Around
For 3.35:
Disable 'headers_check_syntax', if it has been enabled.
For 4.32:
Disable 'require verify = header_syntax', if it has been enabled.
Fix
Update to a newer version of exim. Currently CPanel has released an update for the EDGE and CURRENT builds, but there is still no update for the RELEASE and STABLE builds.
You may be able to force it to update exim to the newest version by running the following commands:
/scripts/updatenow
/scripts/updated
/scripts/exim4
