Hacker News | amlweems's comments

Author here: If you're unfamiliar with machine learning, this post gives a neat example of machine learning on binary data.

If you're familiar, jump straight to our technical challenge at https://mlb.praetorian.com.


Nice, and thanks!


Qualys Security Advisory: http://www.openwall.com/lists/oss-security/2015/01/27/9

Lots of info about their discovery. Apparently they developed a PoC exploit. They've also included a pretty short test program to determine if a system is vulnerable or not.

Here's a gist of the test (copied from their advisory): https://gist.github.com/amlweems/6e78d03810548b4867d6


    - At most sizeof(char *) bytes can be overwritten (ie, 4 bytes on 32-bit
      machines, and 8 bytes on 64-bit machines). Bytes can be overwritten
      only with digits ('0'...'9'), dots ('.'), and a terminating null
      character ('\0').

    - Despite these limitations, arbitrary code execution can be achieved.
      As a proof of concept, we developed a full-fledged remote exploit
      against the Exim mail server, bypassing all existing protections
      (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. We will
      publish our exploit as a Metasploit module in the near future.

Wow, that's actually amazing! I never would have thought it possible. As tonyhb says, it will be really interesting 'in the near future' to see how they managed to do it.


Does this mean it currently is only a problem for mail servers?


That's a great writeup. It will be really interesting to see how they achieve remote code execution under those limitations.

Also surprising to note that we've been vulnerable since November 2000.


They give it away (which I find moderately not nice of them) by saying they used Exim (the mail server) in their POC.


The default Exim config seems to not be vulnerable.

I checked the configs on two of my systems, one default and one heavily customized; neither had the helo verification turned on.
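
One way to repeat the config check described in the comment above, as an added example that is not part of the thread or of Exim itself. It looks for Exim's `helo_verify_hosts` and `helo_try_verify_hosts` options and the `verify = helo` ACL condition; the function names and both sample configs are constructed for illustration.

```python
import re

# Exim settings that make the server verify the HELO/EHLO name (assumed here
# to be the complete set of settings the comment calls "helo verification").
HELO_OPTION = re.compile(r"^(helo_verify_hosts|helo_try_verify_hosts)\s*=\s*(.*)$")
HELO_ACL = re.compile(r"(?:^|[\s!])verify\s*=\s*helo\b")

def logical_lines(text):
    """Yield (first_line_no, line): comments dropped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def helo_verification(text):
    """Return (line_no, setting, value) for each active HELO check.
    .include files and macros are not expanded in this example."""
    findings = []
    for no, line in logical_lines(text):
        opt = HELO_OPTION.match(line)
        if opt:
            if opt.group(2).strip():  # an empty host list checks nobody
                findings.append((no, opt.group(1), opt.group(2).strip()))
        elif HELO_ACL.search(line):
            findings.append((no, "verify = helo", ""))
    return findings

# Constructed sample configs, not copies of any real Exim installation.
DEFAULT_LIKE = """
# helo_verify_hosts = *
begin acl
  require verify = sender
"""
CUSTOM = """
helo_try_verify_hosts = 192.0.2.0/24 : \\
    198.51.100.7
acl_smtp_helo = acl_check_helo
begin acl
acl_check_helo:
  deny  !verify = helo
  accept
"""
```

An empty result means none of the three settings is active in the text that was scanned; included files need to be scanned separately.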

