Re: [exim] just been hacked, could be CVE-2019-10149?

Góra strony
Delete this message
Reply to this message
Autor: Calum Mackay
Data:  
Dla: exim-users
Temat: Re: [exim] just been hacked, could be CVE-2019-10149?
thanks Heiko, yes, good point re unstable.

In this case, the fix /was/ available in unstable, but a few other
issues with updating had led to a delay, on that system, which proved
unfortunate.

thanks,
calum.

On 19/06/2019 12:47 pm, Heiko Schlittermann via Exim-users wrote:
> Calum Mackay via Exim-users <exim-users@???> (Di 11 Jun 2019 01:39:22 CEST):
>> My mail system has just been hacked; it's running Debian unstable exim
>> 4.91-9
>
> I just checked https://packages.debian.org/unstable/mail/, and they list
> 4.92-8 there. So your 4.91 seems to be outdated a bit.
>
> But generally speaking, I wouldn't not rely on the same speed in fixing
> critical issues for unstable releases than I'd expect for stable
> releases. So, running an unstable release you're somewhat on your own.
>
>> Could it be CVE-2019-10149? I don't see any reports of active exploits yet.
>
> Yes, it could be.
>>
>> ought I to be reporting this anywhere?
>
> Not sure. The issue is wellknown meanwhile. And some distros already
> supplied fixed packages or stated that they run very outdated (<4.87)
> Exim versions and are not vulnerable for this reason.
>
>      Best regards from Dresden/Germany
>      Viele Grüße aus Dresden
>      Heiko Schlittermann
> --
>   SCHLITTERMANN.de ---------------------------- internet & unix support -
>   Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>   gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>   ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

>
>