Re: [exim] Exim installations data

Author: Alain Williams
Date:  
To: Exim Users
Subject: Re: [exim] Exim installations data
On Mon, Dec 13, 2010 at 10:29:21AM +0000, Mike Cardwell wrote:
> Regarding the recent remote exploit for Exim. I had an idea and I wasn't
> sure if it was crazy. The idea was to scan port 25 across the entire
> Internet looking for Exim installations of version <= v4.69 by
> inspecting the welcome banner, then later alerting the maintainers of
> these systems about the problem and telling them to upgrade.


The version number is not the whole story, unfortunately.
For instance, one of my customers' machines is running CentOS 4;
this was updated with a patched exim last night. When you connect
on port 25 you get:

    220 survey.XXXXX.com ESMTP Exim 4.43 Mon, 13 Dec 2010 11:06:04 +0000


The clue that it is patched is the build date.

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>
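
An added example, not part of the original message: a triage helper for greetings collected from hosts you administer, which treats an old version string as "verify the package" rather than "vulnerable", for the reason given above. The 4.69 threshold comes from the quoted message; the function names, the result labels and the example.org greetings are assumptions made for illustration.

```python
import re

# Threshold taken from the quoted message ("version <= v4.69").
THRESHOLD = (4, 69)

# Matches "Exim 4.43" style version strings in a greeting line.
_EXIM_RE = re.compile(r"\bExim (\d+(?:\.\d+)+)\b")

# First greeting is the one shown in the message; the others are constructed.
SAMPLES = [
    "220 survey.XXXXX.com ESMTP Exim 4.43 Mon, 13 Dec 2010 11:06:04 +0000",
    "220 mx1.example.org ESMTP Exim 4.72 Mon, 13 Dec 2010 11:07:10 +0000",
    "220-mx2.example.org ESMTP\n220 ready",
]


def parse_greeting(raw):
    """Return (hostname, version tuple or None) from an SMTP 220 greeting.

    Accepts multi-line greetings, where continuation lines start "220-".
    """
    host, version = None, None
    for line in raw.splitlines():
        if not re.match(r"220[ -]", line):
            continue
        text = line[4:]
        if host is None and text.split():
            host = text.split()[0]
        match = _EXIM_RE.search(text)
        if match and version is None:
            version = tuple(int(p) for p in match.group(1).split("."))
    return host, version


def triage(raw):
    """Classify one greeting as (hostname, label)."""
    host, version = parse_greeting(raw)
    if version is None:
        return host, "unknown"          # not Exim, or version not advertised
    if version[:2] > THRESHOLD:
        return host, "above-threshold"
    # A distribution package can carry a backported fix under the old
    # upstream version string, so the banner cannot confirm exposure.
    return host, "check-package"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

On a host labelled check-package, the package manager's record of the installed build (for example `rpm -q --changelog exim` on an RPM-based system) is what settles whether the fix is present.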