Re: [exim] just been hacked, could be CVE-2019-10149?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Heiko Schlittermann
Date:  
À: exim-users
Sujet: Re: [exim] just been hacked, could be CVE-2019-10149?
Calum Mackay via Exim-users <exim-users@???> (Di 11 Jun 2019 01:39:22 CEST):
> My mail system has just been hacked; it's running Debian unstable exim
> 4.91-9


I just checked https://packages.debian.org/unstable/mail/, and they list
4.92-8 there. So your 4.91 seems to be outdated a bit.

But generally speaking, I wouldn't not rely on the same speed in fixing
critical issues for unstable releases than I'd expect for stable
releases. So, running an unstable release you're somewhat on your own.

> Could it be CVE-2019-10149? I don't see any reports of active exploits yet.


Yes, it could be.
>
> ought I to be reporting this anywhere?


Not sure. The issue is wellknown meanwhile. And some distros already
supplied fixed packages or stated that they run very outdated (<4.87)
Exim versions and are not vulnerable for this reason.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -