Re: [exim] The most used Exim version is the vulnerable one

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Konstantin Boyandin
日付:  
To: exim-users
題目: Re: [exim] The most used Exim version is the vulnerable one
> Am 11. Juni 2019 17:10:09 MESZ schrieb Cyborg via Exim-users
<exim-users@???>:
>> Hi Guys,
>>
>> at the end of this article, is a shodan graph of exim servers in the
>> wild :
>>
>> https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/
>>
>> Guess which versions are 90% of all exims out there?
>
> If i read right, the most major distributors (as exim maintainers too)

backported any patch or solution at least to the most used earlier versions
(still provided in their patches / sec updates - so the "90% of vulnerable" may
be way to high att. But 90% sound "more impressive"...ß).

If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
original Exim 4.91 is still their last version.

So either build manually, or switch to another MTA, or hope that
"allowed chars" trick will be good enough protection.

Sincerely,
Konstantin