Re: [exim] The most used Exim version is the vulnerable one

Pàgina inicial
Delete this message
Reply to this message
Autor: Konstantin Boyandin
Data:  
A: exim-users
Assumpte: Re: [exim] The most used Exim version is the vulnerable one
> Am 11. Juni 2019 17:10:09 MESZ schrieb Cyborg via Exim-users
<exim-users@???>:
>> Hi Guys,
>>
>> at the end of this article, is a shodan graph of exim servers in the
>> wild :
>>
>> https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/
>>
>> Guess which versions are 90% of all exims out there?
>
> If i read right, the most major distributors (as exim maintainers too)

backported any patch or solution at least to the most used earlier versions
(still provided in their patches / sec updates - so the "90% of vulnerable" may
be way to high att. But 90% sound "more impressive"...ß).

If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
original Exim 4.91 is still their last version.

So either build manually, or switch to another MTA, or hope that
"allowed chars" trick will be good enough protection.

Sincerely,
Konstantin